**Company Name**: Prevail Partners Limited
**Job Title**: Information Security Manager
**Job Description**
**Role Summary**
Lead the design, implementation, and continuous improvement of the organization’s Information Security Management System (ISMS) to align with ISO 27001 and Cyber Essentials standards. Drive risk-based decision‑making, oversee technical and procedural controls, and cultivate a security‑aware culture across all business functions.
**Expectations**
- Achieve and maintain ISO 27001 certification and Cyber Essentials Plus accreditation.
- Deliver annual risk assessments and mitigation plans that support business objectives.
- Ensure timely incident response, recovery planning, and ongoing improvement of the incident response framework.
- Demonstrate measurable improvement in security posture and stakeholder confidence within the first 12 months.
**Key Responsibilities**
- Develop and evolve the ISMS, integrating it with broader business goals.
- Serve as senior security advisor, influencing executive‑level strategy and commercial proposals.
- Maintain relationships with external bodies (e.g., NCSC, NPSA) and ensure awareness of national threat intelligence.
- Plan, implement, and monitor technical controls across endpoint, data access, and cloud environments (including AWS).
- Manage Cyber Essentials programs, audit preparation, and continuous controls improvement.
- Conduct structured risk assessments across internal systems and project activities; create mitigation plans.
- Collaborate with Compliance, DPO, and business units to implement UK GDPR/UK Data Protection Act requirements and DPIAs.
- Oversee security awareness training, internal briefings, and engagement activities.
- Lead the incident response program, including tabletop exercises and post‑incident reviews.
- Manage business continuity, recovery planning, and impact assessment for cyber incidents.
- Chair or co‑chair internal security governance forums; track risk, define priorities, and drive improvements.
- Provide security input for new market entries, overseas deployments, and sensitive projects.
**Required Skills**
- Proven leadership in ISO 27001‑aligned ISMS implementation and Cyber Essentials compliance.
- Deep knowledge of information security risk management, governance, and technical controls.
- Strong understanding of UK data protection laws (GDPR, Data Protection Act).
- Excellent communication and stakeholder management, capable of translating technical concepts to non‑technical audiences.
- Proactive, solutions‑focused mindset balancing security with business agility.
- Experience in risk assessment, incident response, and business continuity planning.
**Required Education & Certifications**
- Bachelor’s degree in Information Technology, Computer Science, Cyber Security, or related field.
- ISO 27001 Lead Implementer or Lead Auditor certification (essential).
- Additional certifications in ISO 31000, NIST CSF, or CIS Controls desirable.