IT & Information Security Manager

Join to apply for the IT & Information Security Manager role at Zaizi

Zaizi is a software consultancy specialising in building bespoke digital solutions using open source software and cloud platforms. We predominantly work with central government agencies and adhere to the Government Digital Service standard.

We take security seriously, and are certified to ISO 27001 and Cyber Essentials Plus, demonstrating our commitment to robust information security practices.

To support our continued growth, we are seeking an experienced Information Security Manager.

In this role, you will be responsible for ensuring our ongoing compliance with ISO27001 and Cyber Essentials Plus, including managing quarterly external audits and facilitating Integrated Management System (IMS) meetings.

You will also oversee our adherence to ISO 9001 and ISO 14001, ensuring that all relevant documentation and processes are audited and maintained.

Furthermore, you will conduct internal and external risk management workshops, supporting both our own compliance and that of our clients. You will provide expert analysis and advisory services on security compliance standards for the applications and cloud solutions we develop and support.

1. Develop, implement, and maintain comprehensive compliance programs, including integrated management systems for ISO 27001, ISO 9001, ISO 14001, and Cyber Essentials Plus.
2. Oversee security operations, managing internal security tools and processes to ensure optimal protection of company assets.
3. Lead IT Support management, including asset management, budget planning, software deployment, and strategic forward planning.
4. Provide effective line management to an IT support team of three support staff, ensuring efficient team processes and driving continuous improvement initiatives.
5. Foster a collaborative and high-performing team environment.
6. Serve as the acting Data Protection Officer, ensuring compliance with data protection regulations.
7. Champion a culture of security awareness, embedding security by design principles throughout the business.
8. Own and manage critical security processes, including threat detection and incident response, vulnerability and patch management, security advisory and consultancy, and security testing, including the scoping and organisation of external penetration testing.
9. Collaborate closely with the leadership team, providing insightful reports on key security metrics.
10. Ensure security considerations are integrated into all projects and product development initiatives.
11. Support enterprise risk and compliance initiatives, taking a lead role in IT risk management.
12. Extensive industry experience in an IT & Security focused role.
13. You are an experienced supportive manager and can get the best out of your team.
14. You are keen to share your knowledge and are open to giving (and receiving) continuous feedback.
15. Strong communicator who thrives working cross-functionally across multiple teams.
16. You can influence people of all grades to deliver the right outcomes.
17. Security Management, IT management (ITILv4), Continuous Monitoring/Threat Alerts, Managing security incident and non-conformances, Experience with Data protection duties and GDPR.

• (CISM) certification or CISSP desirable to have.

We expect the successful candidate to work in the office for a minimum of two days per week.

Security Clearance: Certain projects require staff to be British and cleared to SC level (or eligible for clearance).

If you don’t meet all the requirements, we encourage you to still apply. We value diversity and inclusion, welcoming applications from women, minorities, individuals with disabilities, neurodivergent individuals, parents, carers, and those from lower socio-economic backgrounds. Let us know if you need accommodations during the application or interview process.