1,849 Vulnerability Assessment jobs in the United Kingdom

Information Security Manager

Location: London, Hybrid
Salary: Up to 75,000

Reports to: Head of Cyber Security

A well regarded Managed Service Provider is seeking an experienced Information Security Manager to join its team on a permanent basis. This role offers the opportunity to lead and deliver strategic security initiatives across a varied client base, with a strong focus on governance, risk, and compliance.

The successful candidate will have a proven background within an MSP or MSSP environment, hold CISSP certification, and demonstrate deep expertise in GRC frameworks, particularly ISO27001. Experience acting as a virtual Chief Information Security Officer (vCISO) is essential.

This business has made significant investment into its SOC-as-a-Service offering, positioning itself at the forefront of managed security solutions and enabling clients to benefit from cutting-edge threat detection and response capabilities.

Key Responsibilities:

• Serve as a vCISO for clients, providing strategic guidance on security posture and compliance
• Lead the development and implementation of security policies, procedures, and controls
• Manage ISO27001 compliance, including internal and external audits
• Conduct risk assessments and oversee incident response planning
• Collaborate with technical teams to ensure security is embedded across services
• Advise on regulatory requirements and emerging threats

Candidate Profile:

• Extensive experience in information security within an MSP or MSSP
• CISSP certified
• Strong working knowledge of GRC frameworks, including ISO27001
• Demonstrated experience in a vCISO capacity
• Excellent stakeholder engagement and communication skills
• Ability to lead complex security programmes across multiple environments

This role offers flexible working arrangements (hybrid), exposure to a wide range of industries and technologies, and the chance to join a collaborative team within a forward-thinking MSP committed to professional development.

Only candidates with the right to work in the UK will be considered .

London - Hybrid

Paying up to 75,000, depending on experience.

Information Security Manager

70,000- 75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

• Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
• Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
• Actively contribute to ISO processes, strategies and problem-solving
• Use prior ISO experience to support certification readiness
• Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
• Handle varied and complex security challenges, from system reviews to high-level risk assessments
• Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

• Experience with ISO 27001 is essential
• Strong background in cyber security management
• Proven experience in identifying and mitigating security risks#
• Ability to make actionable recommendations for security improvements
• Experience with GDPR and data protection, together with knowledge of IS standards
• Security assessment frameworks (threat modelling, controls assessment, risk assessment)
• Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

Information Security Manager

Location: London, Hybrid
Salary: Up to 75,000

Reports to: Head of Cyber Security

A well regarded Managed Service Provider is seeking an experienced Information Security Manager to join its team on a permanent basis. This role offers the opportunity to lead and deliver strategic security initiatives across a varied client base, with a strong focus on governance, risk, and compliance.

The successful candidate will have a proven background within an MSP or MSSP environment, hold CISSP certification, and demonstrate deep expertise in GRC frameworks, particularly ISO27001. Experience acting as a virtual Chief Information Security Officer (vCISO) is essential.

This business has made significant investment into its SOC-as-a-Service offering, positioning itself at the forefront of managed security solutions and enabling clients to benefit from cutting-edge threat detection and response capabilities.

Key Responsibilities:

• Serve as a vCISO for clients, providing strategic guidance on security posture and compliance
• Lead the development and implementation of security policies, procedures, and controls
• Manage ISO27001 compliance, including internal and external audits
• Conduct risk assessments and oversee incident response planning
• Collaborate with technical teams to ensure security is embedded across services
• Advise on regulatory requirements and emerging threats

Candidate Profile:

• Extensive experience in information security within an MSP or MSSP
• CISSP certified
• Strong working knowledge of GRC frameworks, including ISO27001
• Demonstrated experience in a vCISO capacity
• Excellent stakeholder engagement and communication skills
• Ability to lead complex security programmes across multiple environments

This role offers flexible working arrangements (hybrid), exposure to a wide range of industries and technologies, and the chance to join a collaborative team within a forward-thinking MSP committed to professional development.

Only candidates with the right to work in the UK will be considered .

London - Hybrid

Paying up to 75,000, depending on experience.

Information Security Manager

70,000- 75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

• Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
• Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
• Actively contribute to ISO processes, strategies and problem-solving
• Use prior ISO experience to support certification readiness
• Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
• Handle varied and complex security challenges, from system reviews to high-level risk assessments
• Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

• Experience with ISO 27001 is essential
• Strong background in cyber security management
• Proven experience in identifying and mitigating security risks#
• Ability to make actionable recommendations for security improvements
• Experience with GDPR and data protection, together with knowledge of IS standards
• Security assessment frameworks (threat modelling, controls assessment, risk assessment)
• Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

**The team you'll be working with:**
**Job Title:** Information Security Manager
**Location:** London, UK or Birmingham hybrid Variable
**Department:** Information Security
**About Us:**
NTT Data is a leading Managed Service Provider (MSP) with a global reach empowering local team, undertaking hugely exciting work and is genuinely changing the world.
We specialise in delivering cutting-edge IT and cybersecurity solutions to our diverse client base. We provide expert-managed services to help clients protect their data, comply with regulations, and manage evolving cyber threats. We are looking for a skilled Information Security Manager to join our team and be billed out to a key client to enhance their information security posture.
**What you'll be doing:**
**What you will be doing;**
We are seeking an experienced Information Security Manager to play a critical role in ensuring the security and resilience of our client's IT systems and data. As a client-facing professional, you will act as the pivotal point of contact for all matters relating to information and cybersecurity. You will collaborate closely with multiple teams to develop, implement, and manage robust information security frameworks, policies, and protocols.
This role combines both strategic leadership and technical expertise, enabling you to influence decision-making, advise on best practices, and ensure continuous improvement in the security posture. You will lead efforts in risk management, regulatory compliance, incident response, and security awareness training, while ensuring the client remains aligned with industry standards and legal requirements (e.g., ISO 27001, GDPR, Cyber Essentials). Your expertise will help mitigate risks, defend against cyber threats, and maintain the highest level of security across the client's infrastructure, all while maintaining a clear focus on delivering outstanding service and value.
Key to your success will be your ability to manage complex security challenges, foster strong relationships with teams, and drive a proactive security culture within their organisation.
**Core responsibilities;**
+ Act as the primary information security point of contact for relevant teams, developing a trusted relationship and advising on all aspects of cybersecurity.
+ Develop, implement, and maintain information security policies, procedures, and frameworks, ensuring alignment with industry standards (e.g., ISO 27001, NIST) and legal requirements (e.g., GDPR, Cyber Essentials).
+ Conduct security risk assessments and vulnerability management for the client, providing actionable recommendations to mitigate risks.
+ Lead incident detection, investigation, and response efforts, ensuring minimal impact to the client's business operations.
+ Collaborate with the client's IT and business teams to integrate security solutions and processes that align with their goals.
+ Deliver regular reporting to the client on security status, incidents, risks, and compliance with agreed SLAs and KPIs.
+ Provide guidance and support for the client in meeting their regulatory obligations (e.g., GDPR compliance, data protection).
+ Oversee and lead security audits, penetration testing, and vulnerability assessments for the client.
+ Manage security awareness training programs for the client's staff, fostering a culture of cybersecurity awareness.
+ Provide ongoing advice on emerging threats, vulnerabilities, and security best practices, helping the client stay ahead of the curve.
+ Ensure that the client's information security posture is continuously improved through proactive security measures, monitoring, and reporting.
**What experience you'll bring:**
**What you will bring;**
Proven experience (typically 5+ years) in information security management or a related role, preferably within an MSP or client-facing environment.
+ Strong understanding of UK and international cybersecurity regulations, including GDPR, Cyber Essentials, and ISO 27001.
+ Experience managing and leading security operations, incident response, and risk assessments.
+ Understanding and knowledge of security technologies (SIEM, firewalls, endpoint protection, encryption, etc.) and practices (vulnerability management, penetration testing).
+ Experience working in a service delivery or consultancy capacity with external clients.
+ Excellent communication skills, able to convey technical security information to non-technical stakeholders at all levels.
+ Relevant certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.
**Desirable Attributes:**
+ Strong stakeholder engagement experiences.
+ Ability to work independently, take initiative, and work in a dynamic environment.
+ Proactive approach to identifying and solving problems before they escalate.
+ Strong leadership and mentoring skills to support junior staff and teams.
+ Ability to translate business needs into security solutions.
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search Email to a friend Apply now

**Job Description**
At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Boeing delivers leading-edge platforms, technology, services, and capabilities to bring the best value to the Ministry of Defence and UK national security services.
Employing more than 2,100 people, Boeing Defence UK provides long-term support for more than 120 Boeing military rotary-wing and fixed-wing aircrafts in the UK. For example, the Chinook and Apache helicopters, and the Poseidon and C-17 airplanes. Our support ranges from mission critical Logistics Information Services, next generation in-flight digital tools, to aircraft and operational modelling and simulation methodology.
Leveraging our established defence business in the UK, and blending our local expertise with our 'One Boeing' global approach, Boeing Defence UK is well positioned to support the UK with its current and future defence and security challenges.
An exciting opportunity has arisen for an **Information Security Adviser** to join **Boeing Defence UK** in the support of the Defence Equipment Engineering and Asset Management System (DEEAMS) programme.
Due to continued business growth there is an opportunity to join a multi-skilled security team that delivers all aspects of protective security to Boeing Defence UK (BDUK), including information security and assurance, personnel security, business continuity and counter threat support and risk advice. The successful candidate would be a part of a supportive team of around 26, with access to varied work and opportunities to progress their career alongside the growth of the business. At Boeing we're committed to rewarding excellence and fostering an inclusive environment where team members are seen, heard, valued, respected and fully engaged.
The successful candidate will work alongside other Boeing Security Advisers to deliver the security aspects of bringing a new information services solution into service whilst working with both the UK customer and collaborating with external suppliers and other agencies. The role will be expected to: produce security artefacts associated with implementing and maintaining the new solution, preparing security assurance evidence, liaise with the customer and other agencies as required and deliver other programme contractual deliverables as required.
The post holder will also have experience of information security, defence security management and defence cyber protection partnership processes. Post initial operating capability the role will be supportive in maintaining the continued authority to operate by maintaining the Information Security Management System throughout the Sustainment phase of the programme.
**Please note: this role is subject to successful Contract Award. This is an on-site role based in Bristol, with flexibility for occasional remote working at the discretion of the management team.**
**Position Responsibilities:**
+ Identifying security risks within complex information systems and developing for implementation, effective and risk balanced security measures
+ Supporting Supply Chain Security Assurance through application of the Defence Cyber Protection Partnership (DCPP) and other relevant standards and policies
+ Providing security documentation and evidence to meet HMG (MOD) security assurance requirements
+ Liaison with customers, Delivery Team Security Leads, and technical authorities, including attendance at Security Working Groups
+ Supporting security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance to accepted industry and government standards
+ Contributing to the development of information governance and risk management structures and processes
+ Assisting in the integration of information assurance activities with the system engineering, design and manufacturing elements of new business ventures and programmes
+ Engaging with stakeholders, the engineering team and sub-contractors to provide direction, guidance and support on acceptable and balanced information security solutions
+ Supporting the creation of business and user focused security policies, procedures, processes and operational guidance for the compliant delivery of customer information security requirements
+ Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security
+ Deliver programme security onboarding training to the Boeing programme team
+ Provide ad hoc security advice to the Boeing DEEAMS delivery team
+ Preferred Qualifications/Education
+ Ideally qualified to degree level (or equivalent) OR with substantial relevant information security experience, particularly within a similar role in UK Government or Defence
+ Relevant industry security certifications would be advantageous (e.g. SC2 Certified in Cyber Security (CC), CISMP, CCP (Ex-CLAS), CISSP, CISM).
+ Knowledge/Competences
**Basic Qualifications (Required Skills/Experience):**
+ Knowledge and understanding of MOD and Government information security policy, standards and guidance.
+ Experience of assuring IT systems in a secure government environment (MOD)
+ Understanding of systems and security verification, validation, testing and evaluation approaches.
+ Experience in generation of information security Risk Assessments, Risk Treatment Plans.
+ Experience in the specification and development of effective and balanced information assurance solutions or approaches.
+ Ability to analyse the security aspects of business risks
+ Pragmatic approach to the recommendation of security controls.
+ Ability to plan, prioritise and manage own workload with limited day-to-day supervision, but know when to seek assistance/escalate.
**Preferred Qualifications (Desired Skills/Experience):**
+ Experience of working within a multinational matrix management environment/ structure and a large-scale, complex international organization, but also within small teams, would be highly advantageous.
+ Experience of working with and assurance/gaining authority to operate information system related platforms and communication networks
+ Information assurance experience across Cloud services and Systems Engineering, Development Lifecycle would be preferred.
+ Experience of participating in developing security solutions in response to customer requirements.
+ Experience of SAP or other Enterprise Resource Planning systems.
+ Experience of systems rollout and hyper care activities.
+ Detailed understanding of data protection controls and practices.
+ Knowledge of computer security audit and investigative techniques is desirable.
+ General:
+ Effective written and verbal communication skills with ability to adapt depending on audience; ability to explain technical issues in simple language to non-technical consumers is essential.
+ Ability to contribute to cost, schedule adherence, and technical performance trade-offs.
+ Clear task focus with ability to separate out and communicate key elements from extraneous detail.
+ Team player with a collaborative working mindsets, especially with cross functional teams.
+ An independent self-starter with a proactive mindset.
**Work Authorisation:**
This requisition is for a locally hired position in the UK. Candidates must have current legal authorisation to work immediately in the United Kingdom. Boeing will not attempt to obtain Immigration and labour sponsorship for any applicants.
Benefits and pay are determined at the local level and are not part of Boeing U.S. based payroll.
Applications for this position will be accepted until **Sept. 06, 2025**
**Export Control Requirements:** This is not an Export Control position.
**Relocation**
Relocation assistance is not a negotiable benefit for this position.
**Security Clearance**
This position requires the ability to acquire a UK security Clearance for which the UK Government requires UK residency. The successful candidate will hold, or have the ability to acquire, Security Clearance (SC).
**Visa Sponsorship**
Employer will not sponsor applicants for employment visa status.
**Shift**
Not a Shift Worker (United Kingdom)
**Contingent Upon Program Reward**
The position is contingent upon program award
**Equal Opportunity Employer:**
We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to; race, color, ethnicity, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law.
We have teams in more than 65 countries, and each person plays a role in helping us become one of the world's most innovative, diverse and inclusive companies. We are a Disability Confident Committed employer and welcome applications from candidates with disabilities. Applicants are encouraged to share with our recruitment team any accommodations required during the recruitment process. Accommodations may include but are not limited to: conducting interviews in accessible locations that accommodate mobility needs, encouraging candidates to bring and use any existing assistive technology such as screen readers and offering flexible interview formats such as virtual or phone interviews.
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.

Information Security Analyst – NIST Implementation

Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.

About You :

• You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
• Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
• Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
• Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
• Assisting cross-functional teams and business units in integrating security measures into business operations.
• Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
• Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.

Essential Skills:

• Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
• Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
• Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
• Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
• Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
• Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
• Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.

Information Security Analyst – NIST Implementation

Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.

About You :

• You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
• Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
• Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
• Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
• Assisting cross-functional teams and business units in integrating security measures into business operations.
• Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
• Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.

Essential Skills:

• Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
• Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
• Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
• Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
• Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
• Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
• Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.

INFORMATION SECURITY MANAGER

Our client is one of the largest owner-operator of rapid electric vehicle charging stations across the UK and Europe. They are award winners and are currently short listed for " The Best Place to Work" .

They are growing and expanding at pace, are you up for the ride.

They are seeking a highly skilled and experienced Information Security Manager to join our team.

You will work closely with the clients international IT team to lead the organisation’s cybersecurity and information risk agenda, including oversight of ISO 27001 and broader security governance across the business.

Key Responsibilities :

• Maintain the Information Security Management System (ISMS) in compliance with ISO 27001:2022 standards.
• Establish, maintain and enforce security policies, procedures, and controls to mitigate information security risks and vulnerabilities.
• Conduct regular risk assessments and vulnerability assessments to identify potential threats and weaknesses in our information security infrastructure.
• Collaborate with internal stakeholders to ensure that information security requirements are integrated into business processes and systems.
• Lead internal audits and coordinate external audits and certifications to assess ISMS effectiveness and drive continuous improvement.
• Define and enforce information security policies, standards, and guidelines across the organisation and Monitor compliance with all information security policies, procedures, and standards.
• Management of tabletop/red team exercises and incident response playbooks.
• Assist the incident response process and lead investigations into information security breaches or incidents.
• Provide guidance and support to employees on information security matters and promote a culture of security awareness throughout.
• Stay up to date with the latest information security trends, threats, and best practices, and make recommendations for enhancing the organisation’s security posture.
• Conduct technical assessments of new suppliers, platforms, and software, including security architecture reviews, documentation checks, and evidence of compliance (e.g., ISO, SOC 2, pen test results).
• Collaborate with procurement, legal, and product teams to embed security requirements in onboarding and contract processes.
• Prepare and deliver reports on information security metrics, incidents, and compliance to senior management and relevant stakeholders.

Qualifications and Skills;

• Professional certifications in information security, such as CISSP, CISM, ISO 27001 Lead Auditor/Implementer, or equivalent.
• Extensive experience (5+ years) in information security management, with a focus on ISO 27001 compliance.
• In-depth knowledge of ISO 27001 standards and best practices , as well as other relevant security frameworks (e.g., NIST, COBIT).
• Strong technical understanding of modern IT and cloud environments, including the ability to assess third-party platforms, suppliers, and software for security risks.
• Proven experience in developing and implementing information security policies, procedures, and controls.
• Familiarity with risk assessment methodologies and tools.
• Experience in managing information security incidents and conducting investigations.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organisation.
• Strong analytical and problem-solving abilities.
• Demonstrated ability to manage multiple priorities and meet deadlines in a fast-paced environment.
• High level of integrity and a commitment to maintaining confidentiality.
• Join our dynamic team and contribute to the protection and security of our organisation’s information assets. Apply your expertise as an ISO 27001 Information Security Manager and help us maintain a robust information security program.

Equal Opportunity Statement :

They an equal opportunity employer. We are committed to equality and diversity, and all applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, or disability status.