Information Security Lead

My client is recruiting an Information Security Lead to take full ownership of information security governance, risk management, and audit readiness across the organisation. This role is responsible for ensuring the business remains continuously compliant while enabling teams to operate quickly and securely in a regulated environment.

The successful candidate will lead the information security function, working closely with technical and operational teams to embed pragmatic, delivery‑focused security practices that support business outcomes.

Key Responsibilities

• Own information security governance and the ISMS end‑to‑end, including risk registers, policies, internal audits, management reviews, and external audits.
• Lead compliance against recognised security standards (including ISO 27001) and extend governance into additional frameworks where required.
• Establish and maintain a robust, audit‑ready evidence pipeline with clearly defined ownership.
• Maintain a live, decision‑focused risk register with mitigation plans and accountable owners.
• Operate pragmatic policy lifecycle and exception management processes.
• Define evidence and assurance expectations for technical security controls.
• Validate control effectiveness and ensure ongoing audit readiness.
• Support vendor and customer security due diligence activities.
• Observe incident response exercises and ensure corrective actions are tracked and closed.
• Design and deliver organisation‑wide security awareness and training programmes.
• Maintain clear, accessible security guidance and best practices for all teams.
• Lead and develop the information security function, partnering across engineering, IT, operations, and governance teams.
• Contribute to resilience, reliability, and continuous improvement initiatives from a risk and governance perspective.

Qualifications and Experience

• 7+ years’ experience in information security or ISMS leadership roles.
• Hands‑on experience owning ISO 27001 end‑to‑end, including audits and management reviews.
• Strong experience managing evidence, documentation, and compliance artefacts.
• Proven ability to translate technical security controls into compliance‑ready evidence.
• Track record of influencing stakeholders through collaboration rather than enforcement.

Preferred

• Experience with additional frameworks such as SOC 2, ISO 27701, or CIS.
• Professional security certifications (e.g. CISSP, CISM, ISO Lead Auditor/Implementer).
• Experience working closely with security engineering or platform teams.
• Background in fast‑moving or growth‑oriented environments.

Information Security Lead • Birmingham, UK