Job Profile

Job Title: Information Security Manager

Remuneration: £

Employment type: Permanent

Job Overview:

Working for a blue chip Professional Services Firm in order to provide expertise across a range of information security activities including IT risk management, third party assurance, ISO 27001 compliance, and management reporting.

Reporting into the Director of IT Security & Risk Management, the ideal candidate should have an in-depth understanding of the principles, concepts and technologies relating to IT Security, with experience of working in a highly technical, dynamic environment, and be able to demonstrate the ability to communicate at all levels of the business.

Main Responsibilities

ISO27001 Management

  • Ensure IT Services' compliance with the Firm's ISMS\ISO27001 framework.
  • Monitor security policies, programs or procedures to ensure compliance with internal security policies, licensing requirements, and applicable government security requirements and directives.
  • Generate reporting to demonstrate ISO27001 compliance.
3rd Party Assurance
  • Manage security elements of 3rd party assurance processes.
Internal Audit
  • Manage, maintain, and develop audit framework.
  • Agree risk assessment methodology with Internal Assurance.
  • Manage ITS audit response and follow-up.
  • Audit reporting.
IT Risk Management
  • Document and communicate IT operational risks.
  • Maintain data quality of risk management systems.
  • Recommend ways to control or reduce risk.
  • Perform cost-benefit analysis of risk mitigation scenarios to identify the most appropriate risk management approach.
  • Devise systems and processes to monitor validity of risk modelling outputs.
  • Develop or implement risk-assessment models or methodologies.
  • Produce reports or presentations that outline findings, explain risk positions, or recommend changes.
  • Manage or co-manage IT Risk activities to provide exceptional service to the firm and its clients.


  • Proven experience of managing IT compliance with ISMS\ISO27001 frameworks.
  • Experience in writing Information Security policies in the context of the ISO27001 framework.
  • Management of audit activities from standards bodies, vendors, clients and other regulatory bodies.
  • Well versed in risk assessment techniques and methodologies.
  • Team leadership experience.
  • Proven experience in presenting compliance-related topics to non-technical audiences.
  • Demonstrable current industry knowledge.
  • CISSP\CISA\CISM qualifications or relevant industry experience.
  • Experience from professional services\financial sector (preferably Big 4 experience).
  • Strong academic background with a minimum 2:1 degree.
Personal Attributes
  • Broad knowledge of a wide range of IT technologies and the inherent security risks.
  • Understanding of information security principles and best practice (e.g., ISO27001 and the ISF Standard of Good Practice for Information Security).
  • A strong understanding of incident management.
  • Strong technical abilities, combined with business acumen.
  • Ability to communicate business and technical risk to all levels of audience.
  • Excellent interpersonal skills with ability to build and influence teams.
  • An excellent eye for detail, meticulous in detailed reporting, and with a pleasant manner to encourage understanding and buy-in to compliance-related initiatives.
  • Able to work using own initiative with minimal supervision, often progressing a number of different activities within the same timeframe.