We are recruiting an Information Security Manager who will be a key member of the Healix Risk Department. You will be working across Healix International Group to manage all areas of data & information security compliance, including the oversight and management of the firm’s control framework relating to these speciality areas.

As the Information Security Manager you will design, implement & maintain the Information Security Management System (ISMS) in accordance with ISO 27001, Cyber Essentials Plus, SOC 2 and other relevant standards. In a travel risk management environment this role is critical for safeguarding sensitive traveller data, real-time location tracking and operational systems that support crisis response and duty of care obligations for clients worldwide.

In addition, you will support the firm’s governance and RFP requests, address areas of risk and support plans to address these risks, including the compilation of business continuity plans (BCP). You will work very closely with colleagues in IT to enhance the technology & control frameworks regarding information security compliance & cyber threat security.

About Healix

Healix safeguards people’s health and wellbeing in every corner of the world. We offer international risk management and assistance services around the globe and employee healthcare benefits within the UK. Our purpose is to help people in difficult situations – whether that’s a cancer diagnosis, a need for medical assistance when they’re far from home or being caught up in conflict or natural disaster. We talk to them, support them, and make sure they get the help they need. As a result, we have an impressive list of clients – ranging from governments, broadcasters, NGOs to international corporations, major insurers and more.

Person Specification

We are looking for someone who brings both technical expertise and a collaborative mindset:

- Professional certifications such as CISM, CISSP, or ISO 27001 Lead Implementer/Auditor (or equivalent).
- Hands-on experience with ISO 27001:2022, Cyber Essentials Plus, and enterprise risk management.
- Strong background in information security governance, compliance, and risk assessment.
- Experience in travel risk, security, or medical assistance sectors is a plus.
- Excellent communication skills – both written and verbal – with the ability to influence and educate.
- A proactive, solution-focused approach with strong problem-solving skills.
- High attention to detail and a customer-centric mindset.
- Comfortable working in a fast-paced, dynamic environment.
- Committed to continuous personal and professional development.

If you're ready to make a meaningful impact and help shape the future of information security at Healix, we’d love to hear from you. As we are expecting a high number of applications, we may close the role before the advertised date.

About The Role

Key Responsibilities for the Information Security Manager:

Risk & Compliance

- Lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line with ISO 27001 and other regulatory standards.
- Assess security posture, identify vulnerabilities, and develop mitigation strategies to manage enterprise-wide information security risks.
- Maintain and enhance the organisation’s risk register and heat map, ensuring risks are scored, tracked, and treated effectively.
- Oversee the implementation and management of security systems including firewalls, encryption, and data protection controls.
- Investigate and respond to security incidents, policy breaches, and regulatory findings.
- Collaborate with internal teams to close audit actions and ensure documentation meets compliance standards.
- Engage external experts when necessary and monitor the effectiveness of their services.

Policy & Training

- Develop and maintain global information security and cyber policies.
- Deliver engaging training and awareness programmes to foster a strong security culture.
- Promote a positive risk and compliance mindset across the organisation.
- Ensure lessons from audits, incidents, and inspections are embedded into practice.

Incident & Breach Management

- Lead the response to cyber and information security incidents, including investigation, containment, and escalation.
- Maintain and test business continuity and disaster recovery plans.
- Coordinate incident response efforts across IT, operations, and client-facing teams.

Risk & Control Management

- Identify and manage risks related to mobile travel apps, tracking systems, and third-party data processors.
- Develop risk treatment plans and support the implementation of appropriate controls.
- Work closely with Governance and Data Protection teams to ensure alignment.

Vendor & System Assurance

- Conduct third-party security assessments and manage security clauses in supplier contracts and SLAs.
- Oversee penetration testing and vulnerability scanning of core systems, including client portals and emergency response platforms.

People Management

- Lead and mentor a team of Analysts, ensuring high-quality output and continuous development.
- Create and support individual training and development plans.

Required Criteria

- Excellent communication skills both verbal and written
- CISM/CISSP, a certified ISO 27001 Lead Implementer/Auditor or equivalent
- Experience implementing or working towards ISO 27001 – 2022 & Cyber Essentials Plus

Desired Criteria

- Experience in Risk Resilience Management and/or International Medical Assistance

About The Company

We offer UK employee healthcare benefits, and travel, medical and security assistance in every corner of the globe.
Our purpose is to help people in difficult situations – whether that’s a cancer diagnosis, a need for medical assistance when they’re far from home, or being caught up in conflict or natural disaster. We talk to them, support them, and make sure they get the help they need. If necessary, we’ll pull them out and bring them home.

We’re co-ordinators and problem-solvers: experts at navigating the global health and security landscape. Our teams of doctors, nurses, travel and medical co-ordinators and security experts make sure that your people will be looked after, whatever happens, supported by technology designed to help individuals, not slot them into a predetermined solution.

We work with governments, broadcasters, NGOs, international corporations, major insurers and more. No two clients are the same: we adapt our services to their needs. More importantly, we adapt to the practical and human needs of the individuals we protect. Most of us are on the front line; we keep our back office lean. We don’t use scripts, and we don’t time calls. We never lose sight of the fact that we’re dealing with real people.

Company Culture

Instead, we focus on ensuring our highly trained specialists have the space and time they need to be effective. We let them use their initiative to get the job done, because the situations they face often throw up unexpected challenges – and no protocol survives contact with the real world.

Our clients have thousands of employees and customers, at home and abroad, so they need a business big enough to handle any situation. But they chose Healix because they also need an organisation that’s personal enough to care. Our people are driven to do things in the best way, not the way they have always been done. We work hard, and our efforts are rewarded with great development opportunities and a supportive team spirit.
We want to nurture this friendly and dynamic company culture so that we can continue to attract diverse talent with a breadth of knowledge and world-class skills. As a part of Healix, you can expect a range of excellent benefits and an environment where people really do care.

Company Benefits

Commitment to career development

We are committed to helping our people build and develop successful careers. Our employees are given direct responsibility and opportunity to develop and grow whilst working on challenging and worthwhile projects in a rewarding and supportive environment. We invest in the continuous development of our team, offering on-going training and professional enhancement opportunities for those wishing to diversify or take additional responsibilities.

Health insurance, Vacation, Paid time off, Retirement plan and/or pension, Office perks, Employee development programs, Employee discounts, Gym membership or wellness programs, Opportunity to travel, Casual dress, Cycle to work, Free work laptop, Referral bonus, Open office, Competitive salary, Life insurance, Employee Assistance Scheme, Wellbeing Scheme, Social Opportunities, Progression opportunities

Salary

£50,000.00 per year