Information Security Manager

We're engaged in a search for a long standing professional services client of ours, working in a brand new role as an Information Security Manager. This is a manager role and requires prior experience managing a team of people, ideally within cybersecurity but it could be from previous positions.

• Maintain and develop the organisation’s information security governance framework, including policies, standards and procedures.
• Lead SOC 2 and ISO 27001 programmes, covering audit preparation, evidence coordination, remediation and close out.
• Ensure compliance with client, regulatory and contractual security requirements.
• Manage policy exceptions, risk acceptances and compensating controls.

• Own security authorisations and attestations required for regulated client engagements.
• Coordinate evidence collection and control validation across technical and business teams.
• Track renewal timelines and control changes to maintain eligibility for regulated work.

• Lead the information security AI governance programme.
• Define and maintain AI security requirements, risk assessments and usage standards with legal, privacy and compliance teams.
• Establish controls covering data handling, access management, model use and third party AI risk.
• Support client and regulatory enquiries related to AI security and governance.
• Monitor emerging AI regulation and assess impact on controls and policies.
• Maintain the enterprise information security risk register.
• Lead periodic risk assessments, including AI, data processing and third party technology risks.
• Translate technical risk into business impact and decision making.

• Oversee third party security risk management in partnership with legal and procurement.
• Lead structured security reviews of vendors, including SaaS and AI providers.
• Track remediation activity and ongoing monitoring.

• Act as primary contact for internal and external information security audits.
• Coordinate evidence gathering across IT, security, privacy and business teams.
• Track findings, corrective actions and improvement plans.

• Directly manage a team of information security analysts.
• Set priorities, provide coaching and support professional development.
• Establish consistent processes, documentation standards and performance expectations.
• Work with security engineering and operations to align governance with technical controls.
• Partner with legal, compliance, privacy and data teams on regulatory and AI governance matters.
• Support client security assessments and due diligence activity.

• Bachelor’s degree in information security, risk management or a related field, or equivalent experience.
• 7 to 10 years’ experience in information security, GRC, audit or risk management.
• At least 2 years’ experience managing people or leading a team.
• Demonstrated experience running SOC 2 and or ISO 27001 programmes.
• Practical exposure to AI governance, data governance or emerging technology risk.
• Experience supporting client driven security assessments in a professional services or regulated environment.
• Experience using GRC platforms and risk management tooling.
• Professional certifications such as CISSP, CISM, CRISC, CGRC or ISO 27001 Lead Implementer or Auditor are preferred.
• Clear written and verbal communication skills and the ability to work across technical and non technical teams.

Other information:

Candidates must be authorised to work in the United States without sponsorship now or in the future.