Job Description

The Information Security Manager is responsible for establishing, implementing, and maintaining a comprehensive Information Security Management System (ISMS) aligned with ISO 27001. The role exists to protect the organisation's information assets, ensure regulatory compliance, manage security risk, and foster a security-conscious culture across the business. The post holder will lead the development of security policies, oversee incident response procedures, and serve as the primary point of escalation for security concerns throughout the organisation.

Job Requirements

• Demonstrable knowledge of ISO 27001 requirements and implementation practice
• Understanding of information security frameworks and best practice
• Strong understanding of data protection legislation (UK GDPR, Data Protection Act 2018)
• ISO 27001 Lead Implementer certification desirable but not essential
• Certified Information Systems Security Professional (CISSP) or equivalent (CCSK, CEH, OSCP) desirable but not essential
• Relevant undergraduate degree in Information Security, Cybersecurity, Computer Science, or a related discipline desirable but not essential
• CompTIA Security+, Network+, or equivalent vendor certification desirable but not essential

Job Responsibilities

• Develop and maintain the ISMS in accordance with ISO 27001, including documentation, policies, and procedures
• Lead the ISO 27001 certification and audit process, liaising with external auditors and managing remediation of findings
• Conduct regular risk assessments and vulnerability management to identify, analyse, and mitigate security threats
• Design and deliver information security awareness training and educational programmes across the organisation
• Establish and monitor security metrics and key performance indicators (KPIs) to measure ISMS effectiveness
• Manage security incident response procedures, including investigation, containment, and reporting of breaches
• Oversee access control frameworks, user provisioning, and privilege management
• Develop and enforce information security policies covering data classification, password management, encryption, and acceptable use
• Maintain compliance with relevant regulations, including the UK Data Protection Act 2018, UK GDPR, and industry-specific requirements
• Conduct security architecture reviews and provide guidance on secure system design and procurement
• Manage security budgets and capital expenditure for tools, training, and infrastructure
• Prepare regular security reports and dashboards for senior management and board-level presentations
• Assist with panel tenders for banks and other relevant entities

Core Outputs:

• Approved and implemented ISMS
• ISO 27001 certification achieved and maintained through annual surveillance audits
• Up-to-date risk register with mitigating actions
• Monthly security dashboards and incident reports
• Documented security policies and procedures
• Annual security training completed by 100% of staff
• Security incident rate reduced year on year