Prevail Partners Limited

Information Security Manager

On site

London, United Kingdom

£100,000/year

Full Time

29-01-2026

Skills

Communication, Leadership, Incident Response, Risk Management, Endpoint Security, Stakeholder Management, Decision-making, Training, AWS

Job Specifications

We are seeking an experienced and highly motivated Information Security Manager to join our growing team at Prevail Partners. The ideal candidate will bring deep technical knowledge of information security risks, controls and frameworks — with practical experience managing ISO 27001-compliant systems and embedding secure practices across dynamic operational environments. You will work closely with the Security Lead, Compliance Manager, IT department, and project teams to ensure robust, proportionate, and forward-looking protection of our people, data and systems.

This is a key role for a pragmatic and security-minded individual who can operate at both strategic and operational levels, supporting the business as it expands its global footprint and develops sensitive technology solutions.

Us: 

Prevail Partners delivers high-quality intelligence and security consultancy services to clients ranging from governments and multinational corporations to non-governmental organisations. These services are delivered predominantly across Europe, the Middle East and Africa.

We pride ourselves on selecting interesting projects which we believe can genuinely make a difference. You will be joining the company at a time of continued growth, and will be required to support a wide variety of these projects across the whole company.

Key Responsibilities

Security Strategy & Governance

Lead the continued development of Prevail's Information Security Management System (ISMS) in alignment with ISO 27001, driving forward maturity and integration with wider business goals
Serve as the lead advisor on information security, ensuring risk-based decision-making and strong stakeholder engagement across the business
Maintain close working relationships with external stakeholders including NCSC and NPSA, ensuring Prevail remains alert to national-level threat reporting and guidance
Represent information security within executive-level planning, commercial proposals, and assurance processes

Operational Security & Risk Management

Oversee the planning, implementation and management of technical and procedural controls across endpoint security, data access, and cloud infrastructure (including AWS)
Maintain Prevail's Cyber Essentials and Cyber Essentials Plus accreditations, including preparation, audit liaison, and continuous improvement of control measures
Lead structured risk assessments across internal systems and project-specific activities, and develop pragmatic mitigation plans with relevant teams

Data Protection & Compliance

Work alongside the Compliance Manager and DPO to ensure effective implementation of UK data protection law, including support for Data Protection Impact Assessments (DPIAs) and data mapping
Oversee the information security training and awareness programme, ensuring it reflects both regulatory obligations and operational realities
Maintain up-to-date security documentation, incident logs, audit records and policy registers

Preparedness & Incident Response

Lead and continuously improve the company's incident response framework, including conducting tabletop exercises and reviewing lessons learned
Ensure the business is prepared to respond to cyber security incidents, breaches or service disruptions through robust business impact assessment, business continuity and recovery planning

Internal Engagement & Security Culture

Deliver internal briefings and staff awareness sessions across the year, including at onboarding and company Townhalls
Champion a culture of secure behaviours, ensuring all staff understand their role in protecting the organisation and its data
Collaborate with teams across operations, HR and IT to identify emerging vulnerabilities and strengthen preventative measures

Governance & Oversight

Chair or co-chair internal security governance forums to track risks, define priorities, and drive improvement across physical, cyber and personnel domains
Contribute to security input for new markets, overseas deployments, and sensitive project work
Support leadership in meeting regulatory, contractual, and reputational requirements in relation to information security

Requirements

Essential

Demonstrable experience leading or managing an ISO 27001-aligned ISMS and Cyber Essentials with a track record of successful implementation or certification
Strong understanding of information security risk management, governance, and technical controls
Knowledge of UK data protection regulations (GDPR) and security standards relevant to operational delivery
Excellent communication and stakeholder management skills, including the ability to engage non-technical audiences
A proactive, solutions-focused mindset, capable of balancing security with business agility

Desirable

ISO 27001 Lead Implementer or Lead Auditor certification
Experience working in or with secure government, defence, or national security environments
Familiarity with broader frameworks such as ISO 31000, NIST CSF or CIS Controls.
Experi

About the Company

Prevail Partners are mission-enablers. We help organisations to turn risk into opportunity. Founded on UK Special Military Unit know-how, we provide insightful intelligence, investigative capability and operational support to the extractive industries, the financial and legal sectors and to NGOs and governmental organisations.