Job Description
Clearance Level: DV, SC, BPSS
Sector: Central Government, Consultancy, Cyber Security, Defence, Information Technology, Public Sector
Job Type: Permanent
In 2019, our founders were working as engineers solving complex cross-domain problems within government organisations.
TwinStream was formed to consolidate their collective expertise and experience into one business, providing technical excellence and exceptional service to our clients. We have teams working both on-site with clients and remotely from home.
Details:
Security Clearance: Eligible for DV clearance
About the role:
The Security Manager will be responsible for maintaining and enhancing our ISO 27001 Certification and will be the focal point for all security requirements within the organisation. Working closely with internal and external stakeholders, this role will ensure that TSL’s security posture aligns with best practices, compliance standards, and contractual obligations. The successful candidate will also be responsible for driving security governance, advising on security requirements, and ensuring the smooth running of security-related projects.
Key Responsibilities:
- Ensure TSL’s continued compliance with ISO 27001, Cyber Essentials, Cyber Essentials +, and DCPP CSM, working closely with relevant teams to implement and maintain security controls.
- Lead the implementation and maintenance of information security policies and procedures to address security risks and compliance requirements.
- Provide security-related subject matter expertise to help identify, assess, and mitigate information security risks, with an understanding of ISO 27005 and NIST Cyber Security Framework (CSF).
- Coordinate with internal and external audit representatives to ensure security governance is being followed.
- Collaborate closely with internal teams, including Senior Leadership, Finance, People Teams, and IT, to ensure the successful adoption and execution of information security policies and standards.
- Lead and facilitate security policy training and awareness programs to drive a strong security culture.
- Lead incident response and management efforts, providing expertise in handling security incidents efficiently.
- Align ISO 27001 standards with Government frameworks, such as the Defence Cyber Protection Partnership’s Cyber Security Models (v3 and v4), ensuring full compliance.
- Respond to DCPP evidence requirements, oversee CIP remediation activities, and build policies and procedures as necessary, ensuring continued compliance over time.
- Engage with project Security Assurance Coordinators and support the development of contractual and project-specific documentation, with an understanding of Secure by Design (SbD) Assurance activities.
- Oversee the implementation of protective security controls at the TwinStream premises in North Bristol and take an ongoing lead in setting and maintaining security policies and processes there.
- Serve as the key advisor to internal and external stakeholders regarding assurance with Government Protective and Personnel Security standards and guidelines.
Desired Skills:
- Ability to work effectively in a flexible, fast-paced environment.
- Focus on accuracy and precision, with no tolerance for overlooking security-related details.
- Proactively challenge business approaches to ensure security-centric decisions are made.
- Experience in managing security incidents and leading incident response teams.
- Ability to present and be the focal point for security matters across the business.
- Experience supporting the security controller role in various frameworks.
- Understanding of insider threat operational and governance requirements, and the ability to apply them effectively.
Qualifications:
- CISSP (preferred but highly desirable), CISM, or CRISC.
- Security Controller (DISA).
- Technical Security Proficiency (CompTIA or similar).
- Risk Management Proficiency (NIST or similar).