
Information Security Manager

Job in Cardiff, Cardiff City Area, CF10, Wales, UK
Listing for: Evotix Limited
Full Time position
Listed on 2026-02-17
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Job Description & How to Apply Below

At Evotix, we’re transforming the way businesses approach health, safety, and wellbeing. Our team thrives on bold ideas, celebrates diversity, and embraces the power of collaboration.

Here’s why you’ll love working with us:

  • Competitive Compensation: Enjoy a competitive base salary and company-based performance bonus.
  • Time to Recharge: Unlimited Annual Leave because we trust you to balance your work and wellbeing.
  • Support for You: Access to our Employee Assistance Program, including mental health, legal, and financial guidance.
  • Growth Opportunities: Educational benefits to help you keep learning and growing.
  • Team Culture: Regular team events, an inclusive environment, and a shared commitment to making an impact.

The Role

Deliver impactful EHS solutions. Empower safer, smarter workplaces.

We are seeking an experienced Information Security Manager to own and scale our information‑security‑led compliance function. This role is responsible for maintaining and evolving our security certifications (e.g. ISO 27001, SOC 2, IRAP), supporting customer and prospect assurance activities, and embedding strong security and compliance practices across the business.

This is a hands‑on leadership role suited to someone who combines deep information security and GRC expertise with strong commercial awareness — able to partner effectively with Product, Engineering, Legal, Sales, and Finance to enable growth while managing risk.

What You’ll Do

Information Security & Certifications

  • Own and maintain the company’s information security management framework (ISMS), including policies, controls, and risk registers.
  • Lead and manage external security certifications and attestations, including:
      • ISO 27001 (and related standards where applicable)
      • SOC 2 Type I & II
      • IRAP (or equivalent government / regulated frameworks)
  • Plan and coordinate internal audits, external audits, penetration tests, and remediation activities.
  • Act as the primary point of contact for external auditors and assessors.

Customer & Commercial Security Assurance

  • Own the end-to-end process for customer and prospect security due diligence, including:
      • Completion and review of security questionnaires and DDQs
      • Supporting enterprise and regulated‑sector sales cycles with security assurance materials
  • Review and advise on the security and compliance components of customer contracts, DPAs, and MSAs, working closely with Legal and Commercial teams.
  • Develop and maintain standard security documentation (e.g. security whitepapers, control mappings, shared responsibility models) to streamline sales cycles.

Risk, Controls & Governance

  • Identify, assess, and manage information security and compliance risks across the organisation.
  • Ensure appropriate controls are designed, implemented, tested, and evidenced.
  • Maintain incident management, breach response, and escalation processes in line with regulatory and customer expectations.
  • Monitor relevant regulatory, contractual, and industry requirements and assess their impact on the business.

Internal Enablement & Culture

  • Embed security and compliance awareness across the organisation through training, guidance, and pragmatic processes.
  • Partner with Engineering, Product, IT, and Data teams to ensure security controls are proportionate, practical, and scalable.
  • Support leadership with clear reporting on security posture, risks, audit outcomes, and remediation progress.
  • Build, lead, and develop the compliance and information security capability as the company scales (including potential future hires or external partners).
  • Establish clear ownership, documentation, and repeatable processes that reduce manual effort over time.

What You Bring

  • Significant experience in information security, compliance, or GRC roles within a SaaS, technology, or regulated environment.
  • Proven hands‑on ownership of security certifications such as ISO 27001 and SOC 2 (end‑to‑end, not just policy oversight).
  • Strong understanding of information security controls, risk management, and audit processes.
  • Familiarity with cloud‑based SaaS architectures and modern DevSecOps practices.
  • Experience working in a private‑equity‑backed or high‑growth environment.
  • Experience responding to enterprise customer…