Information Security Manager

Solicitors Regulation Authority

Birmingham

On-site

GBP 43,000 - 50,000

Full time

Today
Job summary

A regulatory body in the legal sector is seeking an Information Security Manager to lead its ISO:27001 certified Information Security Management System (ISMS). The role involves providing strategic advice, managing compliance, and ensuring robust information security practices. Essential qualifications include strong knowledge of ISO:27001 and a recognised security certification such as CISM. This position offers a full-time contract with a salary between £43,427 and £50,000 annually, alongside a flexible benefits package.

Benefits

  • Generous flexible benefits package
  • Defined contribution pension scheme
  • 3% annual salary bonus after probation

Qualifications

  • Experience managing an Information Security Management System (ISMS).
  • Experience in risk assessment, incident management, and internal auditing.
  • Ability to interpret vulnerability scans and penetration tests.

Responsibilities

  • Lead and manage the ISO:27001 certified ISMS.
  • Provide strategic advice and operational support.
  • Ensure compliance with PCI DSS and manage external certification processes.

Skills

  • Knowledge of ISO:27001
  • Analytical skills
  • Stakeholder management
  • Communication skills

Education

  • Recognised security qualification (e.g. CISM)

Job description

This is an exciting opportunity to lead and manage the SRA's ISO:27001 certified Information Security Management System (ISMS). As Information Security Manager, you'll be a subject matter expert, providing strategic advice and operational support to ensure robust information security practices are embedded across the organisation. You'll work closely with IT Security, Risk, and Governance colleagues to assess and manage risks, investigate incidents, and deliver assurance activities. You'll also lead internal audits, maintain compliance with PCI DSS, and manage external certification processes. This role is ideal for someone with strong analytical skills, excellent stakeholder engagement experience, and a deep understanding of ISO:27001 and information security frameworks.

What's in it for you

  • Lead the development and implementation of a certified ISMS
  • Collaborate with senior stakeholders across the organisation
  • Be part of a forward-thinking team focused on continuous improvement
  • Influence strategic decisions and drive security awareness

Essential:

  • Strong knowledge of ISO:27001 and experience managing an ISMS
  • Recognised security qualification (e.g. CISM)
  • Experience in risk assessment, incident management, and internal auditing
  • Ability to interpret vulnerability scans, penetration tests, and IT health checks
  • Excellent communication and stakeholder management skills
  • Knowledge of Data Protection legislation

Desirable:

  • Experience in a regulatory environment
  • Familiarity with IT service and project management practices

Additionally, we provide a generous flexible benefits package, an excellent defined contribution pension scheme and an additional 3% of annual basic salary upon successful completion of probation.

The salary offer for this role will be from £43,427 to £50,000 per annum. We are recruiting for this role on a full‑time basis, working 35 hours per week. If you have any questions that aren't in this advert or on our website, please contact us via recruitment@sra.org.uk.