Information Security Manager

Crown Agents Bank

City of Westminster

Hybrid

GBP 125,000 - 150,000

Full time

Today

Job summary

A leading financial services firm in the City of Westminster seeks an Information Security Manager to protect system integrity and data confidentiality. The role involves advising project teams, managing security assessments, and leading security incident responses. Required qualifications include a Bachelor's degree in Computer Science and CISSP certification. The position offers competitive salary, hybrid working arrangements, and comprehensive benefits including private medical insurance.

Benefits

Competitive salary and benefits
Training and development support
Hybrid working arrangements
Contributory personal pension plan
Life assurance
Private medical insurance
Discretionary bonus
Competitive annual leave
Volunteering days

Qualifications

  • Extensive experience in information security roles, ideally in a regulated environment.
  • Strong understanding of security in software development and application security.
  • Experience using security tools like Tenable and Mimecast.

Responsibilities

  • Advise project teams on security best practices throughout the lifecycle.
  • Manage remediation of penetration testing and vulnerability assessments.
  • Lead or support response to security incidents.

Skills

Information security experience
Communication skills
Technical hands-on skills
Innovative mindset

Education

Bachelor's degree in Computer Science
CISSP certification

Tools

AWS
Tenable
Mimecast
Akamai
Sophos

Job description

from, and across often hard-to-reach markets.

About the Role

The Information Security Manager will play a crucial role in protecting the confidentiality, integrity, and availability of our systems and data. You'll work across the business to support secure delivery of projects, conduct thorough risk assessments, oversee third‑party security engagements, and contribute to shaping our evolving security posture. This is a technically hands‑on role ideal for someone who enjoys both strategic thinking and rolling up their sleeves to get things done.

Key Responsibilities

  • Advise and support project teams to embed security best practices throughout the project lifecycle.
  • Scope, manage, and track remediation of penetration testing and vulnerability assessments.
  • Maintain application security processes, standards, and guidelines.
  • Translate application security policies into security requirements and work closely with engineers.
  • Conduct and document security risk assessments on changes, threats, vulnerabilities, and new initiatives.
  • Perform third‑party vendor risk assessments and ongoing security reviews.
  • Assist in identifying and assessing new security technologies and vendors.
  • Lead or support response to security incidents, including investigation, containment, root cause analysis, and reporting.
  • Work with internal teams to continuously improve incident response processes.
  • Support compliance and alignment with ISO 27001, Cyber Essentials, SWIFT, NIST CSF and other relevant frameworks.
  • Communicate effectively with various stakeholders, including engineers, product managers, operations teams, senior management, and auditors regarding the information security posture, risks, and mitigation strategies.

Qualifications

  • Extensive experience in information security roles, ideally in a regulated environment.
  • Bachelor's degree or higher in Computer Science.
  • CISSP certification is essential; additional certifications (e.g., CEH, OSCP, AWS Security) are a plus.
  • Experience working with ISO 27001, Cyber Essentials, NIST CSF and preferably SOC 2, or SWIFT frameworks.
  • Strong understanding of security in the context of software development and application security (OWASP, SDLC, DevSecOps).
  • Technically hands‑on in AWS, DevSecOps pipelines, configuration of security vendor solutions, and basic scripting language for automation.
  • Experience using tools like Tenable, Mimecast, Akamai, Sophos, and MDR tools.
  • Excellent communication skills, with the ability to engage both technical and non‑technical stakeholders.
  • Innovative mindset with a passion for staying current in the ever‑evolving cyber landscape.
  • Experience working in or with regulated financial institutions is desirable.

Benefits

  • Competitive salary and benefits.
  • Training and development support.
  • Hybrid working arrangements.
  • Contributory personal pension plan.
  • Life assurance: 4 times annual salary.
  • Group income protection.
  • Private medical insurance (including cover for partner or children at company cost).
  • Optical, dental and audiology coverage.
  • Discretionary bonus.
  • Competitive annual leave.
  • Volunteering days.
  • Benefit Hub.
  • Opportunity to work on cutting‑edge financial services and security projects.