InfoSec & Compliance Manager

Are you looking for an InfoSec role in a fast-growing business where people are at the heart of everything we do?

Would you like to work within a socially conscious organisation that is making a real impact in the education sector?

The company

The Key is the country's most trusted provider of knowledge and know-how to education leaders determined to make a difference. We provide authoritative, up-to-the-minute sector intelligence, tools, services and resources that give leaders the knowledge to act.

The role

We are looking for a InfoSec & Compliance Manager to join our IT team. This person will take ownership of The Key's Information Security Management System (ISMS) and cultivate an environment that balances robust security with effective user enablement. You will

1. Governance & Risk

• Own and evolve the Information Security Management System (ISMS) for this business unit, keeping us aligned to ISO 27001, Cyber Essentials Plus and data-protection law aligned as appropriate to other BUs and Group activities.
• Maintain the enterprise risk register: identify, assess, prioritise and track remediation of InfoSec and compliance risks
• Lead internal / external audits and certifications, coordinating evidence collection and driving closure of findings.
• Manage the full policy lifecycle - draft, review, publish and socialise security and compliance policies.
• Report security metrics and risk posture to the Exec and Board, translating technical risk into clear business impact.

2. Security Operations

• Oversee day-to-day security operations across our Microsoft stack (Entra ID, Intune, Defender) and key SaaS platforms.
• Act as Incident Manager for security events: coordinate investigation, containment, eradication, recovery and lessons learned.
• Run the vulnerability-management programme - scans, penetration tests, prioritisation and remediation tracking.
• Conduct supplier due-diligence and ongoing security reviews, embedding robust clauses into new and renewal contracts.
• Own access governance for critical systems, working with colleagues and automating joiner-mover-leaver controls and periodic privilege reviews.

3. Enablement & Culture

• Design and deliver engaging security-awareness initiatives that build a security-first mindset across the organisation.
• Support colleagues and business owners to ensure we build and adhere to processes that bring policies to life.
• Advise product and engineering teams, embedding "secure-by-design" principles into the SDLC and change management.
• Lead business-continuity and disaster-recovery planning, tabletop exercises and continuous improvement.
• Monitor emerging threats, regulatory changes and best practice; translate insights into a forward-looking security roadmap.

• Mentor colleagues and nurture a network of "security champions", fostering a collaborative, growth-oriented culture.

Requirements

The ideal person

• Understanding of modern security principles and knows what "good enough" looks like.

• Extensive experience in a hands-on InfoSec SME role.
• Considerable experience in a hands-on Compliance role, including maintaining ISO27001 or similar.
• Demonstrable knowledge and experience in delivering end-to-end Governance and Risk Management alongside core InfoSec and Compliance requirements.
• Experience with data protection regulations (e.g., GDPR, DPA) and their implementation.
• Experience with conducting internal and external audits.
• Ability to communicate risk and compliance issues to technical and non-technical stakeholders.
• Knowledge and experience with the Microsoft security stack (EntraID, Intune, Defender)
• Experience with business continuity planning and disaster recovery.
• Strong problem-solving and troubleshooting skills.
• Excellent communication and collaboration skills.
• Ability to work effectively in a fast-paced environment.

If you don't meet all of the above but have a genuine interest in joining our team please get in touch - we'd be very happy to chat.

Benefits

Why work for us

We place huge importance on caring for and developing our people. If you join us you can expect a good work-life balance and the training and support you need to succeed in your role and continue to progress. We are a socially conscious company, but one that also likes to have fun. We offer a generous holiday allowance, flexible hours, buying and selling holiday, enhanced maternity pay, free breakfast, fruit, and drinks, regular socials and much more.

How to apply

Please upload your CV [and covering letter] below. In your cover letter please explain why you think you would be right for this role, how your experience fits, and why you would like to work at The Key

The deadline for applications is 5pm on Friday 22nd August.

If you have any questions please email recruitment@thekeysupport.com.