Job Role: Information Security Manager Reporting to: CTO
Location: Head Office, White City Place, West London
Contract type: Full Time, 37.ME+EM is one of the UK’s fastest-growing luxury fashion brands. As a direct-to-consumer business we operate in a truly omnichannel way, with an extremely successful online store, monthly mailings and stores in London, Edinburgh and concessions in Harrods and Selfridges. At ME+EM we are an entrepreneurial, creative, and passionate group of people. We work hard, are enthusiastic to learn and are not afraid to take risks. Our office and stores are always busy and fast paced, but we work just as hard to make sure it’s fun, with social activities and biannual parties. It takes all these things to build a strong, successful business and our door is always open to new talent ready to contribute to our growth and evolution.
The Information Security Manager (ISM) will be responsible for developing, implementing, and maintaining ME+EM’s information security program. Reporting to the CTO, this role will involve managing risk assessments, monitoring compliance, and embedding a robust security culture throughout the organisation. The ISM will act as the primary subject matter expert on information security, ensuring policies are up-to-date, practical, and enforced, and will communicate security risks and opportunities for improvement directly to senior management.
Cyber Security Strategy & Governance
Implement and refine the organisation’s cyber security strategy, aligned with business objectives and risk appetite.
Lead the development and maintenance of a comprehensive Information Security Management System (ISMS).
Policy Management
Draft, maintain, and enforce all information security policies, procedures, and standards (e.g. access control, data classification, acceptable use).
Ensure policies are communicated, understood, and adhered to across departments.
Review and update policies regularly in line with regulatory changes and business needs.
Risk Management
Conduct and manage regular information security risk assessments across the business.
Identify and evaluate vulnerabilities, threats, and risks to company assets, systems, and data.
Work with internal teams to prioritise, treat, or accept risks and track mitigation progress.
Ensure compliance with relevant security frameworks, data protection laws (e.g. Maintain records of security incidents and lead post-incident reviews and continuous improvements.
Training & Awareness
Deliver targeted training for teams and departments based on their risk profile.
Prepare and present risk summaries, compliance reports, and improvement plans to senior stakeholders.
Champion security at the executive level, influencing key decisions and budgeting.
Proven experience in a similar Information Security Management or Cyber Risk role.
Strong understanding of information security principles, risk management frameworks, and industry best practices (e.g. Demonstrated experience in drafting and implementing security policies and procedures.
Proficiency in conducting security risk assessments and presenting results to senior management.
33 days annual leave for full time employees (25 days holiday + 8 bank holidays).
~ Pension Scheme.
~ Group Life Insurance.
~ Employee Assistance Programme (EAP).
~ Length of Service Award.
~ Refer a Friend Scheme.
~ Generous Staff and Friends and Family Discount.
~ Cycle to Work Scheme.
~ Tech Scheme.
~ Eye Care Vouchers.
~ Social events and biannual parties.
~ ME+EM is an equal opportunities employer committed to fostering and preserving a culture of diversity, equality, and inclusion in our workforce. As an equal opportunities’ employer, we do not discriminate against applicants based on race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We believe that diversity enriches our workforce and strengthens our organisation. Therefore, we encourage minorities, LGBTQ+ candidates, and individuals with disabilities to apply for opportunities within our company.