Job Description: Information Security & Business Continuity Manager
Role Purpose
To lead and manage the organisation’s Information Security and Business Continuity frameworks, ensuring policies, standards, and processes effectively support business strategy, regulatory requirements, and operational resilience. The role is responsible for maintaining a strong security posture, safeguarding information assets, and ensuring the organisation can respond effectively to disruptions.
Key Responsibilities
Information Security
* Develop, maintain, and enhance the organisation’s Information Security Policy to meet evolving business and technology needs.
* Monitor adherence to Information Security policies using appropriate tools, techniques, and risk assessments.
* Produce, maintain, and enforce Information Security standards, guidelines, and operational processes.
* Ensure that access to information systems is appropriately restricted to authorised users.
* Monitor communications and information systems (e.g., email, internet, desktops) to detect misuse, fraud, or potential external threats.
* Lead or coordinate the Security Incident Response Team during major incidents and report security-related issues to internal management and external authorities where legally required.
* Evaluate emerging technologies, tools, and industry trends, recommending suitable solutions for integration into the IT strategy.
* Participate in architectural governance processes and change approval forums to represent Information Security requirements.
* Contribute Information Security needs to the strategic IT planning process.
Business Continuity & Disaster Recovery
* Develop and maintain an organisation-wide Business Continuity Program covering disaster recovery, business recovery, and emergency response.
* Coordinate departmental Business Continuity Plans, ensuring alignment with corporate BCP requirements and organising regular testing.
* Create and maintain documentation such as recovery plans, emergency procedures, call lists, and test reports.
* Analyse functional areas to identify vulnerabilities, single points of failure, and risk mitigation strategies.
* Support crisis management and emergency response activities when a business disruption occurs.
* Ensure Disaster Recovery processes align with Information Security policy requirements.
* Monitor regulatory and industry developments affecting Business Continuity and Disaster Recovery and advise on implications.
Communication & Stakeholder Management
* Raise the profile of Information Security and Business Continuity across the organisation by building relationships, increasing awareness, and gaining business alignment.
* Report on Information Security and Business Continuity matters to senior management as required.
* Work collaboratively with internal stakeholders and external partners, negotiating effectively to support organisational goals.
Regulatory Compliance
* Comply with relevant regulatory requirements and conduct standards applicable to the organisation’s industry.
* Take reasonable steps to prevent breaches of regulatory conduct rules.
Person Specification
Essential Criteria
Experience
* 5+ years of relevant experience in Information Security Management.
* Strong background in developing and implementing information security and business continuity frameworks.
Skills & Knowledge
* Good knowledge of Information Security tools, techniques, and best practices.
* Strong understanding of Business Continuity strategy and planning.
* Excellent knowledge of major IT technologies, including web, client-server, mainframe, and network environments.
* Ability to influence stakeholders across business and IT functions.
* Strong negotiation skills with both internal and external parties.
* Excellent interpersonal, communication, and leadership abilities.
* High levels of initiative, drive, and a proactive “can do” mindset.
Desirable Criteria
* CISSP or equivalent professional certification.