Information Security Manager

As a member of the Digital Services team, this role will be at the forefront of ARAG UK’s security strategy, ensuring the confidentiality, integrity, and availability of ARAG’s information and information systems. The successful candidate will be accountable for ensuring our ISO27001 accreditation is adhered to and successfully renewed, as well as assessing information risk and facilitating remediation of identified vulnerabilities within the company’s network, systems, and applications. Additionally, you will lead the strategy, road mapping, and planning of security in the organization, as well as manage the information security team.

This is an excellent opportunity to report on findings, apply recommendations for corrective and preventative actions, and identify opportunities to reduce security risks. Key responsibilities include documenting remediation options regarding acceptance or mitigation of risk scenarios, facilitating and monitoring the performance of risk remediation tasks, and reporting on findings. The role will help the company understand security threats and develop strategies to protect ARAG’s assets and interests across multiple entities.

This is a strategic and hands-on role, where you will manage a small team while supporting the Security & Governance Manager in driving the IT security strategy, leading projects, coordinating the team’s work, and mentoring and developing team members. You will also work with others in Digital Services and the wider organization to ensure appropriate leadership and accountability in security. The role requires engagement with our parent company to ensure our ISMS aligns with their standards and frameworks, and to discuss, analyze, plan, and implement necessary changes and improvements in our Information Security Systems.

We are keen to hear from candidates with strong technical, organizational, and communication skills. You will contribute to audit responses, particularly in the InfoSec area, and help establish improvements in response processes and standardization.

• Good understanding of information security frameworks, standards, and best practices (ISO27001, NIST CSF, Cyber Essentials, OWASP).
• Knowledge of data protection legislation and regulatory requirements (e.g., GDPR, FCA SYSC, PCI DSS).
• Experience with security analysis tools and technologies (e.g., SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).
• Solid understanding of security incident management and response processes.
• Knowledge of authentication technologies (e.g., two-factor, multi-factor).
• Familiarity with Zero Trust principles.
• Knowledge of endpoint security solutions (e.g., HIDS, anti-malware, DLP).
• Experience with AWS and cloud platforms (SaaS, IaaS, PaaS).
• System administration skills across multiple platforms and applications.
• Ability to conduct vulnerability scans and identify vulnerabilities.
• Awareness of the current threat landscape and modern malware techniques.
• Experience delivering presentations to leadership teams.
• Intermediate expertise in IT risk management or related disciplines.

• 27 days holiday, with options to buy more.
• Company pension scheme with optional increased contributions.
• Group Income Protection and Legal Protection.
• European Motor Assistance and Home Emergency Assistance.
• Private Medical Insurance.
• Salary sacrifice benefits including Cycle scheme.
• Wellbeing programs and employee discounts.
• Participation in social and sporting events.

If you believe you are a good fit and can demonstrate transferable experience, please apply, even if you do not meet all the criteria listed above.