
Information Security Manager

Job in City of Westminster, Central London, Greater London, England, UK
Listing for: SCS Railways
Full Time position
Listed on 2026-06-08
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 125000 - 150000 GBP Yearly
Job Description & How to Apply Below
Location: City of Westminster

The Info Sec Manager owns and drives the SCS’s Information Security Management System (ISMS), ensuring it stays certified, compliant, and continually improving. The role is accountable for maintaining compliance with ISO 27001, Cyber Essentials Plus, and the HS2 information security requirements set out in WI‑835, including BPSS screening and UK‑based data hosting. The purpose is to achieve, maintain, and demonstrate full compliance for the duration of the project while strengthening security governance, reducing risk, and keeping the ISMS audit‑ready.

Key Responsibilities
  • Lead the implementation, maintenance, and continual improvement of the ISMS in line with ISO 27001.
  • Ensure the ISMS remains audit‑ready, risk‑driven, and aligned with organisational and contractual requirements.
  • Own and maintain the full suite of ISMS documentation including policies, processes, procedures, standards, and records.
  • Achieve and maintain ISO 27001 certification, ensuring controls, evidence, and processes remain compliant year‑round.
  • Achieve and maintain Cyber Essentials Plus certification, leading the implementation of required technical and organisational controls.
  • Ensure compliance with HS2 WI‑835 requirements, including BPSS screening and UK‑based data hosting.
  • Lead a comprehensive audit programme (internal, external, CE+, penetration testing) to assess control effectiveness and drive corrective actions.
  • Maintain and communicate an effective information security risk management framework that enables informed decision‑making at senior levels.
  • Drive proactive risk identification, assessment, treatment, and monitoring across the organisation.
  • Recommend and deploy organisational and technical controls that are proportional, cost‑effective, and aligned with risk appetite and available resources.
  • Champion a strong security culture across SCS JV, ensuring policies and expectations are understood and embedded.
  • Lead the design and delivery of security training and awareness, ensuring all staff, from the board to delivery units, maintain good security behaviours.
  • Influence and support process owners to improve processes where security weaknesses are identified.
  • Work within and improve existing processes to enhance security governance and operational efficiency.
  • Ensure security requirements are considered in projects, procurement, supplier onboarding, and change initiatives.
  • Lead, mentor, and develop junior Info Sec team members, ensuring the team has the competence and capability to run an effective ISMS.
  • Influence senior managers to secure the necessary resources to sustain and improve the security function.
  • Drive continual improvement of security controls, behaviours, and processes in line with ISO 27001, Cyber Essentials, and industry best practice.
  • Track emerging risks, threats, and compliance changes, ensuring the ISMS evolves to remain effective and relevant.
Essential Qualifications
  • Demonstrable experience working with ISO 27001 and/or an ISO 27001 aligned ISMS.
  • Demonstrable experience working with Cyber Essentials.
  • Certified Information Security Manager (CISM) or equivalent qualification.
  • Demonstrable understanding of cloud technology.
  • Demonstrable working understanding of security technology and how it’s deployed to create effective technical controls (e.g., firewalls, IDS, IAM, MFA, SSO, DLP, CASB, MDM, EDR).
  • Demonstrable risk‑management knowledge and the ability to influence senior management on risk treatment decisions.
  • Working knowledge of Microsoft 365 and associated applications (e.g., Windows, Word, Excel, PowerPoint).
  • Working knowledge of the UK Data Protection Act (DPA) / GDPR.
  • Demonstrable good level of written and spoken English.
Desirable Qualifications
  • Commonly identifiable security qualification (e.g., CISA, CRISC, CDPSE, CGEIT, CCOA, CISSP).
  • Experience of other Info Sec standards (e.g., NIST, PCI‑DSS, SOC).
  • Working knowledge of Microsoft 365 / Azure security.
  • Experience leading audit processes (internal, external, pen testing).
  • Experience with recent cyber security incidents.
  • Expert knowledge of Microsoft 365 and its associated applications.
  • Ability to demonstrate that you meet the minimum job criteria and person specification.

Salary: Competitive, with excellent benefits package.

Flexible working:
We welcome you to ask about the flexibility you need: part‑time, remote or compressed hours. We will explore what’s possible.
