Information Security Manager

At Nido, we create more than just student accommodation – we build vibrant communities where students can thrive. As a fast-growing student housing provider in Europe, we put people and the planet first, delivering exceptional spaces, conscious communities, and unparalleled experiences.

We are undertaking an ambitious and strategic journey to become Europe’s leading provider of Purpose-Built Student Accommodation (PBSA). With a strong existing portfolio of 12,000 beds across 32 properties in the Iberian Peninsula, and an active expansion into key markets including Germany and Italy, we are building the foundations for long-term, pan-European growth.

As we grow our footprint, we are looking for an experienced Information Security Manager to lead the design, implementation, and continuous improvement of the organisation\'s information security strategy. This role is critical to ensuring the protection of sensitive data, regulatory compliance, and business continuity in a rapidly evolving digital environment.

The Information Security Manager will oversee the governance of information security across all departments, coordinate risk assessments, define internal security policies and procedures, and act as the main point of contact for all matters related to data protection and security.

• Define, implement, and maintain the Information Security Management System (ISMS) in line with standards such as ISO / IEC 27001, NIST, and GDPR.
• Conduct regular risk assessments and manage mitigation plans across the organization.
• Develop and enforce security policies, standards, and procedures.
• Coordinate and support internal and external security audits and ensure follow-up on findings.
• Ensure the implementation of technical and administrative controls to protect the organisation’s information assets.
• Design, implement, and maintain Segregation of Duties (SoD) within Microsoft Dynamics F&O to strengthen internal control and minimize risks associated with access management.
• Develop and manage a comprehensive Business Continuity framework that goes beyond technical disaster recovery, ensuring organisational resilience and effective response to potential disruptions.
• Lead the incident response process, including investigation, documentation, mitigation, and reporting.
• Work closely with IT to ensure systems, networks, and applications meet security requirements.
• Promote security awareness and training across all employees.
• Produce reports and dashboards on security posture, risks, and KPIs for executive management.
• Manage relationships with third parties, vendors, and auditors in matters of security.
• Stay current with evolving threats, technologies, and compliance requirements.

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3 years in information security or cybersecurity roles, with a proven track record in implementing and maintaining Information Security Management Systems (ISMS) and driving compliance initiatives (e.g., ISO 27001, GDPR).
• Strong understanding of information security frameworks such as ISO 27001, NIST, and ENS.
• Practical experience with risk assessment methodologies, security governance, and incident response.
• Solid technical knowledge of networks, systems, and cloud environments.
• In-depth understanding of data protection and privacy regulations (e.g., GDPR).
• Relevant industry certifications such as CISM, CISSP, ISO 27001 Lead Implementer, DPO, or equivalent are highly desirable.
• Fluency in English is essential. Knowledge of German and / or Italian is considered a strong advantage.

• Integrity : Commitment to upholding ethical standards, honesty, and integrity in managing sensitive information and ensuring compliance with security and data protection regulations, fostering a culture of transparency and accountability.
• Analytical Thinking : Proficiency in analysing complex security risks, threats, and vulnerabilities, and interpreting technical findings to support strategic decision-making.
• Problem-Solving : Capacity to identify security issues, assess alternative solutions, and implement effective remediation strategies to address threats, incidents, and control gaps.
• Resilience : Ability to remain composed and focused under pressure, demonstrating resilience in managing security incidents, regulatory audits, and multiple projects simultaneously under tight deadlines.
• Collaboration and Communication : Excellent communication skills with the ability to explain technical security matters clearly to both technical and non-technical stakeholders, and to collaborate effectively with IT, legal, compliance, and business teams across multiple locations.
• Personality : Proactive, self-motivated, and results-oriented, with a strong sense of ownership and accountability in driving security initiatives