Information Security & Compliance Manager

Job in Greater London, W1B, England, UK
Listing for: Blue Matter
Full Time position
Listed on 2026-07-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Salary/Wage Range or Industry Benchmark: 70,000 - 90,000 GBP yearly
Job Description & How to Apply Below
Location: Greater London

Blue Matter is a rapidly growing strategic consulting firm serving clients in the life sciences industry. We partner with our clients to help them achieve commercial success across the lifecycle of their products, portfolios and organisations. Our project types include new product planning, launch strategy & planning, brand & life cycle planning and corporate & portfolio strategy, across a variety of specialty therapeutic areas.

We have a unique entrepreneurial culture and invest in building Blue Matter to be one of the best places to work. We have a strong global presence with offices in the US (San Francisco, New York, Boston), Europe (London, Zurich, Netherlands), and India (Mumbai, Gurgaon, Pune).

Why this role exists

Our clients are among the most security- and privacy-conscious organizations in the world, and they trust us with highly sensitive commercial and scientific information. At the same time, our internal AI platform, Blue Cortex, is becoming central to how we serve them, which raises both the stakes and the opportunity around how we govern data and technology. As we grow, we need a dedicated owner for information security and compliance. This role sits in our Technology & Operations team and is based in the UK, giving us strong coverage of GDPR and UK GDPR obligations, alignment with European clients and subsidiaries, and time-zone support for our global team.

What you’ll do

Security governance and strategy

  • Own and run Blue Matter’s information security program end-to-end, including for Blue Cortex.
  • Define, maintain, and operationalize security policies, standards, and procedures, and keep them current as the firm scales.
  • Maintain the risk register, run regular risk assessments, and drive remediation to closure.
  • Report on security and compliance posture to leadership in clear, business-oriented terms.

Compliance and certifications

  • Drive certification and attestation efforts (e.g., ISO 27001 and/or SOC 2): design and maintain the control framework, own the documentation and evidence, and lead internal and external audits.
  • Build a sustainable, “always-audit-ready” approach rather than a once-a-year scramble.
  • Track relevant regulatory and framework developments and translate them into practical action.

Data protection and privacy

  • Lead data protection under GDPR and UK GDPR; act as, or closely support, our Data Protection function.
  • Maintain records of processing (RoPA), conduct Data Protection Impact Assessments (DPIAs), and own data-handling, retention, and minimization policies.
  • Manage data subject requests and any personal-data incidents, including regulator and individual notifications where required.
  • Oversee data transfer mechanisms and data residency considerations across our global footprint and subsidiaries.

Client security assurance

  • Own the response to client security due-diligence: complete security questionnaires and assessments from biopharma and medtech clients accurately and on time.
  • Support commercial and contractual discussions on security, privacy, and data processing terms (e.g., DPAs).
  • Maintain a library of reusable security documentation, certifications, and answers to accelerate client reviews.

Microsoft 365 security operations

  • Secure and govern our Microsoft 365 environment: Entra, Microsoft Defender, Microsoft Purview, and Intune.
  • Own identity and access management: conditional access, MFA, privileged access, joiner/mover/leaver processes, and least-privilege enforcement.
  • Implement and tune data loss prevention (DLP), information protection/labelling, and device compliance.
  • Partner with IT on secure configuration, patching, and endpoint hardening.

Third-party and vendor risk

  • Run third-party and vendor risk management across our supply chain, including security review of new tools and AI/SaaS vendors.
  • Maintain an inventory of vendors and their data access, and reassess risk on a regular cadence.

Incident response and investigations

  • Own the incident response plan; lead detection, triage, investigation, containment, and post-incident review.
  • Investigate security events (for example, analysing Entra sign-in and audit logs), and produce clear, actionable incident reports.
  • Run tabletop…