447 Information Security Manager jobs in the United Kingdom

Information Security Manager

70,000- 75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

• Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
• Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
• Actively contribute to ISO processes, strategies and problem-solving
• Use prior ISO experience to support certification readiness
• Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
• Handle varied and complex security challenges, from system reviews to high-level risk assessments
• Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

• Experience with ISO 27001 is essential
• Strong background in cyber security management
• Proven experience in identifying and mitigating security risks#
• Ability to make actionable recommendations for security improvements
• Experience with GDPR and data protection, together with knowledge of IS standards
• Security assessment frameworks (threat modelling, controls assessment, risk assessment)
• Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

• £70–80k base + 10% bonus
• Hybrid in London
• Training budget for certifications + conference attendance
• Strong emphasis on professional autonomy and ethical leadership

A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.

This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.

What you’ll bring:

• 5+ years in InfoSec, IT Security or Ops within a regulated environment
• Certification required: CISSP, CISM, CRISC, or equivalent
• Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
• Confident with security risk assessments, audit responses, and policy governance
• Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
• Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
• Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice

What you’ll be doing:

• GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
• Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
• Security awareness & training: manage phishing simulations and content using Proofpoint
• Security architecture reviews: support technical assessments of new systems and services
• Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
• Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
• Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews

Tech & tools you’ll use:

• Protecht – Enterprise risk and audit management
• Panorays – Third-party risk tooling
• Rapid7 / Armis – Vulnerability management and threat detection
• Proofpoint – Phishing and awareness platform
• Microsoft Purview – Data governance and compliance
• Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

• £70–80k base + 10% bonus
• Hybrid in London
• Training budget for certifications + conference attendance
• Strong emphasis on professional autonomy and ethical leadership

A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.

This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.

What you’ll bring:

• 5+ years in InfoSec, IT Security or Ops within a regulated environment
• Certification required: CISSP, CISM, CRISC, or equivalent
• Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
• Confident with security risk assessments, audit responses, and policy governance
• Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
• Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
• Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice

What you’ll be doing:

• GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
• Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
• Security awareness & training: manage phishing simulations and content using Proofpoint
• Security architecture reviews: support technical assessments of new systems and services
• Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
• Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
• Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews

Tech & tools you’ll use:

• Protecht – Enterprise risk and audit management
• Panorays – Third-party risk tooling
• Rapid7 / Armis – Vulnerability management and threat detection
• Proofpoint – Phishing and awareness platform
• Microsoft Purview – Data governance and compliance
• Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

Information Security Manager

Location: Central Bristol
Job Type: Full-time, Hybrid (2 days per week in-office)
Salary: £60,000 - £70,000 + Benefits

We are recruiting an Information Security Manager to lead the operational and strategic security programme for a respected organisation headquartered in central Bristol. This hybrid role offers the opportunity to shape the company's approach to informati.

WHJS1_UKTJ

INSTANDA - pushing the boundaries of Insurance Technology.

About us:

INSTANDA is the world’s first no-code cloud-based platform, we are changing the way Insurers can design and deliver insurance products to market, allowing them to configure new products at speed completely disrupting the legacy norms in the industry.
INSTANDA has grown significantly in recent years, and we are now a team of 180+ employees primarily based in the UK and US, with partnerships that operate worldwide. We're continuing to grow our business, and Client Delivery is at the forefront of our growth plans, with partnerships that operate worldwide.  

Our company was built by looking at the world through a different lens and our culture today reflects that by encouraging you to be yourself, speak your mind, and share your opinions. We want people who want to push themselves, be part of something great, and be prepared to challenge themselves if they think there is a better way. Collaboration sits at the heart of how we operate, it has fuelled our growth enormously and our aim to be ‘world class’. People at INSTANDA not only have a real sense of shared ownership but are granted share options to benefit from our long-term success making everyone an owner of the business.

So if this sounds like the place you can thrive in and grow your career, please keep reading!

Follow us to learn more: Instanda.com  | LinkedIn  | Twitter  | YouTube

About the role:

We’re looking for an experienced Information Security Manager who will lead, plan and execute our InfoSec strategy.  You will play a key role in assuring the activities of INSTANDA and a number of our 3rd Party partners. Competent around technology, security frameworks and the cyber threat environment, you will own assurance processes, contribute to a multitude of projects and be involved in decision making.

Your input will be critical to the maintenance and development of Information Security compliance and assurance across the INSTANDA estate and across 3rd parties. A self-starter, you will be comfortable with ambiguity and a lack of detail and be someone who can develop concepts and work with a broad array of individuals and problems. Playing a leading role within InfoSec, with your reach and activity enabling security as a principal consideration across INSTANDA.

Responsibilities will include:

• Overseeing the INSTANDA information security management system (ISMS) including the implementation and maintenance of the ISMS across the business;
• Be a key member of the ISO27001 Steering Committee;
• Engage with external security service providers to ensure support is at the required standards and in line with our business needs;
• Create and maintain security documentation to support the sales process with our clients, and responding to their questions as a respected SME;
• Design and implement the internal security education and awareness programmes;
• Drive the maturity of existing security controls across multiple teams, and in collaboration with colleagues across INSTANDA;
• Proactively identify opportunities to mentor and develop colleagues on all aspect of InfoSec, and;
• Collaborate effectively within internal colleagues in security critical roles to ensure InfoSec is embedded and understood.

Requirements

You’ll have demonstrable, proven experience within the following areas:

You’ll be a proactive self-starter, with a proven track record of building and owning an InfoSec strategy; running your own projects. You’ll effectively manage stakeholders, demonstrating high levels of resilience as you seek to influence at all levels within our business whilst managing multiple simultaneous workstreams.

Accreditation in at least one of the following:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)

Security Frameworks: you’ll have experience delivering and/or maintaining the following key frameworks: ISO 27001, Cyber Essentials, PCI DSS and SOC2. You'll have an excellent understanding of InfoSec best practice in these areas.

Audits: You have experience of working with internal and external auditors during audits for relevant frameworks and client audits;

Assurance Principles: y ou will play a central role in the maintenance of 3rd party assurance, providing InfoSec guidance to Project Managers; Account Managers and individuals who are looking to work with external firms to drive INSTANDA business operations forward.

Stakeholder Management: your ability to influence and educate others on InfoSec principals and best practice is fundamental to this role. You’ll be engaging laterally and vertically with multiple internal stakeholders within INSTANDA to Executive level.

Cyber Threats: you will have proven knowledge around industry developments and adjustments to the nature and character of cyber threats.  

Networking Principles: at times, you’ll need to influence decisions on the design and implementation of changes to the INSTANDA networks, based on your understanding of data flows and network principles, as well as your grasp of security frameworks and controls in place.

Benefits

• Competitive salary
• Generous 28 days holiday allowance, in addition to public holidays.
• For every year of service you complete, we’ll give you an additional days holiday (max. 5 days)
• One Dynamic Day per month on top of your holiday allowance to spend time doing the things you want to do or simply catching up with life admin.
• Remote & Hybrid approach varying with the nature of your role.
• Life cover; income protection and participation in the company pension scheme
• £100 per month to put towards wellness activities.
• Annual learning & development allowance of £1,250
• Free access to LinkedIn learning and Microsoft ESI learning platforms

Additional Information:

This is a UK based role, you must be eligible to live and work in the UK without restriction. We are unable to offer sponsorship.

Please apply directly online

We are not working with any agencies or staffing firms for this role - please do not contact us.

At Clarion, our people are at the absolute heart of what we do. We’re proud that our core values of PASSION , CARE , IMAGINATION , and TRUST define the way we carry out our work across all of our exhibitions and conferences.

If you share our values and want to be a part of a successful, dynamic, and creative global business then we want to hear from you.

The Opportunity:

We have an exciting new role for an Information Security Manager who will be responsible for implementing operational cyber security throughout a dynamic, global, commercial organisation. The role will involve collaboration with numerous internal departments and businesses across the Group organisation.

We are looking for a highly experienced Information Security Manager with extensive technical security knowledge and expertise.

Key Responsibilities:

• Lead a team monitoring and responding to cyber incidents.
• Being a subject matter expert on all aspects of operational information security and cyber risk.
• Define, develop, and implement operational information security processes.
• Identify, assess, and make recommendations on emerging security threats and vulnerabilities.
• Develop and oversee Security Operations Centre (SOC) activities, SIEM, IDS/IPS, threat and incident responses.
• Manage the cyber security vulnerability programme.
• Manage and oversee security penetration testing activities.
• Implement information security policies, processes, governance standards and frameworks.
• Advise departments on security requirements and controls, providing information security guidance across IT operations and new projects.
• Coordinate and manage information security activities, implementing solutions to improve information security, IT infrastructure and cyber security.
• Identify breaches in information security architecture, standards, and best practice.
• Manage and complete information security reviews, including due diligence of third parties.
• Monitor the development of relevant industry standards and best practices (NIST CSF, CIS, ISO etc.), assess and advise on compliance with these standards.

Requirements

Knowledge, Skills & Behaviours:

• Expertise and proficiency on information security management.
• A degree in cyber risk would be advantageous.
• Recognised security qualifications such as CISSP/CISM are desirable.
• Track record of achievement and delivery within various operational information security roles.
• Previous experience of SOC operations and management.
• Extensive knowledge of technical security issues and solutions.
• Extensive knowledge of cyber threats, penetration testing and vulnerability assessments.
• Experience of Cyber Essentials, ISO27001 compliance and leveraging NIST CSF and CIS benchmarks.
• Excellent communication skills both verbal and written, articulate, organised and diligent.
• Willing to join a shift-based call-out rota (this will incur an additional bonus payment).

About Clarion Events

Clarion Events is one of the world’s leading event organisers, producing and delivering innovative and market-leading events since 1947. ( )

Clarion Events embrace diversity and equal opportunities in all that we do. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.

Clarion is private equity backed and owned by Blackstone. Blackstone is one of the world’s leading global investment funds, investing capital for the long term in order to build successful, resilient businesses. ( )

Our purpose is to deliver exceptional customer outcomes and experiences, by making every connection count.

Our vision is we want every one of our products to be a market leader in customer satisfaction and delight.

Benefits

• 25 days’ holiday plus bank holidays
• End of year wellbeing shutdown (closed for the last week of the year)
• Celebration day off (e.g. birthday, Diwali, Eid, etc)
• Summer Hours in August (3pm finish on Fridays)
• Helping Our World (HOW) Days – one paid day per quarter to carry out charity work
• Pension Scheme
• Private Medical Insurance
• Health Cash Plan
• Wellbeing Library (MYNDUP)
• Mentoring Programme
• Subsidised Café
• Season Ticket Loan
• Cycle to Work Schemes
• Free on-site gym and shower facilities
• Free eyesight tests
• Free flu vaccination – offered on site once a year for all employees

Information Security Manager Information Security, ISO 27001, Data Governance, Data Quality, Data Protection, GDPR, Data Strategy & Architecture, Varonis, Microsoft Purview, Power BI, Stakeholder Management, London (Hybrid)

£65,000 + Benefits

This is a fantastic Information Security Manager opportunity to work with a leading engineering services organisation, to lead the development and execution o.

WHJS1_UKTJ

The Information Security Accreditation Manager will oversee and manage the accreditation processes, ensuring compliance and excellence in standards. This role requires a professional with expertise in technology-related accreditation to lead initiatives and maintain quality benchmarks.

Client Details

An international Cyber Security certification body focusing on advancing standards and certifications. It plays a pivotal role in fostering trust and quality within its field, offering a collaborative and mission-driven environment.

Description

• Lead the development, improvement and execution of Cyber and Information Security accreditation strategy and process
• Lead a team of Information Security Accreditors
• Collaborate with internal teams and external stakeholders to maintain high-quality standards.
• Oversee the evaluation and approval of accreditation applications.
• Monitor changes in industry regulations and update accreditation criteria accordingly.
• Produce detailed reports and recommendations to support strategic decision-making.
• Represent the organisation at relevant industry events and meetings.

Profile

• Proven experience in managing Cyber and Information Security assessment and auditing processes.
• With team leading experience
• Strong understanding of ISO27001.
• Exceptional organisational and analytical skills.
• Ability to communicate effectively with diverse stakeholders.
• Experience in creating and implementing accreditation policies and procedures.
• A proactive approach to problem-solving and attention to detail.

Desirable:

• ISO27001 Lead Auditor is highly desirable
• Experience in ISO17065
• Holder of security certifications like CISM, CISA

Job Offer

• Remote role with occasionally travel
• Annual bonus scheme
• Private Medical Insurance