
Information Security Manager

ME+EM

London

On-site

GBP 55,000 - 80,000

Full time

Yesterday

Job summary

ME+EM, a fast-growing luxury fashion brand, is seeking an Information Security Manager to lead its security program in a dynamic environment. The ideal candidate will have proven experience in risk management and in-depth knowledge of information security standards. In a role focused on security strategy, the Manager will be responsible for establishing security policies and a security culture within the organisation.

Benefits

33 days annual leave for full time employees
A day off to celebrate your birthday
Pension Scheme
Employee Assistance Programme (EAP)
Generous Staff Discounts
Annual Volunteer Day

Qualifications

  • Proven experience in a similar information security management role.
  • Solid understanding of security principles and best practices.
  • Communication skills to engage technical and non-technical audiences.

Responsibilities

  • Develop and maintain the company's information security program.
  • Conduct information security risk assessments.
  • Prepare compliance reports and communicate them to stakeholders.

Skills

Information Security Principles
Risk Management Frameworks
Communication
Risk Assessment

Education

Relevant Certifications (CISSP, CISM)

Job description

Job Role: Information Security Manager

Reporting to: CTO

Location: Head Office, White City Place, West London

Contract type: Full Time, 37.5 hours per week

About Us

ME+EM is one of the UK’s fastest-growing luxury fashion brands. As a direct-to-consumer business we operate in a truly omnichannel way, with an extremely successful online store, monthly mailings and stores in London, Edinburgh and concessions in Harrods and Selfridges. Our exciting growth continues in spring 2024 with the opening of our first US stores.


At ME+EM we are an entrepreneurial, creative, and passionate group of people. We work hard, are enthusiastic to learn and are not afraid to take risks. Everyone contributes to our success at all levels, and that is precisely what makes being a member of the team so rewarding.


Our office and stores are always busy and fast paced, but we work just as hard to make sure it’s fun, with social activities and biannual parties. We pride ourselves on being approachable, supportive, and welcoming and ensure that everyone’s hard work is rewarded. It takes all these things to build a strong, successful business and our door is always open to new talent ready to contribute to our growth and evolution.

About the Role

The Information Security Manager (ISM) will be responsible for developing, implementing, and maintaining ME+EM’s information security program. Reporting to the CTO, this role will involve managing risk assessments, monitoring compliance, and embedding a robust security culture throughout the organisation. The ISM will act as the primary subject matter expert on information security, ensuring policies are up-to-date, practical, and enforced, and will communicate security risks and opportunities for improvement directly to senior management.

Responsibilities:

Cyber Security Strategy & Governance

  • Implement and refine the organisation’s cyber security strategy, aligned with business objectives and risk appetite.

  • Lead the development and maintenance of a comprehensive Information Security Management System (ISMS).

  • Define and review metrics and KPIs to monitor the effectiveness of security controls.

Policy Management

  • Draft, maintain, and enforce all information security policies, procedures, and standards (e.g. access control, data classification, acceptable use).

  • Ensure policies are communicated, understood, and adhered to across departments.

  • Review and update policies regularly in line with regulatory changes and business needs.

Risk Management

  • Conduct and manage regular information security risk assessments across the business.

  • Identify and evaluate vulnerabilities, threats, and risks to company assets, systems, and data.

  • Work with internal teams to prioritise, treat, or accept risks and track mitigation progress.

Compliance & Audit

  • Ensure compliance with relevant security frameworks, data protection laws (e.g. GDPR), and industry standards.

  • Manage internal and external security audits, penetration tests, and vulnerability assessments.

  • Maintain records of security incidents and lead post-incident reviews and continuous improvements.

Training & Awareness

  • Drive an organisation-wide security awareness program to foster a proactive security culture.

  • Deliver targeted training for teams and departments based on their risk profile.

Communication & Reporting

  • Prepare and present risk summaries, compliance reports, and improvement plans to senior stakeholders.

  • Act as the primary liaison for third-party security consultants, auditors, and regulators.

  • Champion security at the executive level, influencing key decisions and budgeting.

Skills:

Essential

  • Proven experience in a similar Information Security Management or Cyber Risk role.

  • Strong understanding of information security principles, risk management frameworks, and industry best practices (e.g. ISO 27001, NIST, CIS).

  • Demonstrated experience in drafting and implementing security policies and procedures.

  • Strong communication skills with the ability to engage both technical and non-technical audiences.

  • Proficiency in conducting security risk assessments and presenting results to senior management.

Desirable

  • Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor.

  • Experience in retail or e-commerce environments.

  • Familiarity with cloud security, especially across SaaS platforms and modern infrastructure (e.g., GCP, Azure).

  • Experience with security tools like SIEM, DLP, endpoint protection, and vulnerability scanners.

Employee Benefits:

  • 33 days annual leave for full time employees (25 days holiday + 8 bank holidays)

  • A day off to celebrate your birthday.

  • Pension Scheme

  • Group Life Insurance

  • Employee Assistance Programme (EAP)

  • Length of Service Award

  • Refer a Friend Scheme

  • Staff uniform for retail employees

  • Generous Staff and Friends and Family Discount

  • Annual Volunteer Day

  • Cycle to Work Scheme

  • Tech Scheme

  • Eye Care Vouchers

  • Real Living Wage Employer

  • Employee led committees

  • Social events and biannual parties

  • Enhanced maternity and paternity package after 2 years of service.

ME+EM is an equal opportunities employer committed to fostering and preserving a culture of diversity, equality, and inclusion in our workforce. As an equal opportunities employer, we do not discriminate against applicants based on race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We believe that diversity enriches our workforce and strengthens our organisation. Therefore, we encourage minorities, LGBTQ+ candidates, and individuals with disabilities to apply for opportunities within our company.


Please note, due to the large number of applications we receive, we can only reply to those that are successful to the next stage.
