Information Security Manager

Overview

We are seeking an experienced and highly motivated Information Security Manager to join our growing team at Prevail Partners. The ideal candidate will bring deep technical knowledge of information security risks, controls and frameworks — with practical experience managing ISO 27001-compliant systems and embedding secure practices across dynamic operational environments. You will work closely with the Security Lead, Compliance Manager, IT department, and project teams to ensure robust, proportionate, and forward-looking protection of our people, data and systems.

This is a key role for a pragmatic and security-minded individual who can operate at both strategic and operational levels, supporting the business as it expands its global footprint and develops sensitive technology solutions.

Prevail Partners delivers high quality intelligence, and security consultancy services to clients ranging from governments and multinational corporations to non-governmental organisations. These services are delivered predominantly across Europe, the Middle East and Africa. We pride ourselves on selecting interesting projects which we believe can genuinely make a difference. You will be joining the company at a time of continued growth, and be required to support a wide variety of these projects across the whole company.

• Security Strategy & Governance
• Lead the continued development of Prevail's Information Security Management System (ISMS) in alignment with ISO 27001, driving forward maturity and integration with wider business goals
• Serve as the lead advisor on information security, ensuring risk-based decision-making and strong stakeholder engagement across the business
• Maintain close working relationships with external stakeholders including NCSC and NPSA, ensuring Prevail remains alert to national-level threat reporting and guidance
• Represent information security within executive-level planning, commercial proposals, and assurance processes

• Operational Security & Risk Management
• Oversee the planning, implementation and management of technical and procedural controls across endpoint security, data access, and cloud infrastructure (including AWS)
• Maintain Prevail's Cyber Essentials and Cyber Essentials Plus accreditations, including preparation, audit liaison, and continuous improvement of control measures
• Lead structured risk assessments across internal systems and project-specific activities, and develop pragmatic mitigation plans with relevant teams

• Data Protection & Compliance
• Work alongside the Compliance Manager and DPO to ensure effective implementation of UK data protection law, including support for Data Protection Impact Assessments (DPIAs) and data mapping
• Oversee the information security training and awareness programme, ensuring it reflects both regulatory obligations and operational realities
• Maintain up-to-date security documentation, incident logs, audit records and policy registers

• Preparedness & Incident Response
• Lead and continuously improve the company's incident response framework, including conducting tabletop exercises and reviewing lessons learned
• Ensure the business is prepared to respond to cyber security incidents, breaches or service disruptions through robust business impact assessment, business continuity and recovery planning

• Internal Engagement & Security Culture
• Deliver internal briefings and staff awareness sessions across the year, including at onboarding and company Townhalls
• Champion a culture of secure behaviours, ensuring all staff understand their role in protecting the organisation and its data
• Collaborate with teams across operations, HR and IT to identify emerging vulnerabilities and strengthen preventative measures

• Governance & Oversight
• Chair or co-chair internal security governance forums to track risks, define priorities, and drive improvement across physical, cyber and personnel domains
• Contribute to security input for new markets, overseas deployments, and sensitive project work
• Support leadership in meeting regulatory, contractual, and reputational requirements in relation to information security

Essential

• Demonstrable experience leading or managing an ISO 27001-aligned ISMS and Cyber Essentials with a track record of successful implementation or certification
• Strong understanding of information security risk management, governance, and technical controls
• Knowledge of UK data protection regulations (GDPR) and security standards relevant to operational delivery
• Excellent communication and stakeholder management skills, including the ability to engage non-technical audiences
• A proactive, solutions-focused mindset, capable of balancing security with business agility

Desirable

• ISO 27001 Lead Implementer or Lead Auditor certification
• Experience working in or with secure government, defence, or national security environments
• Familiarity with broader frameworks such as ISO 31000, NIST CSF or CIS Controls
• Experience supporting the secure delivery of…