Information Security Manager

Vacancy Name

Information Security Manager

VN1273

Corporate

UK, Europe, South Africa, India

Full Time

The Information Security Manager (ISM) at Lemongrass is responsible for the creation, implementation, and ongoing management of the Lemongrass Security Framework (LSF). This framework spans all critical security domains including Cloud (AWS, Azure, GCP), Identity and Access Management (IAM), Operations, Data, Artificial Intelligence (AI), SAP on Cloud, and Product Development.

The ISM ensures that security is embedded by design, by default, and by operation, guiding the business and technical teams to align with industry best practices and compliance standards. This role is crucial in safeguarding Lemongrass and its client environments by promoting a proactive security culture, ensuring that policies, standards, procedures, and guidelines are comprehensive, current, and operationally enforced.

• Security Framework Development:
  Lead the design and evolution of the LSF to cover all operational and technical domains, including data classification, protection, governance, and lifecycle management.
• Policy & Governance:
  Develop and maintain security policies, ensuring supporting standards, procedures, and guidelines are created by relevant teams and aligned to regulatory and business needs.
• Operational Assurance:
  Establish and oversee security compliance mechanisms across the business, ensuring secure‑by‑default practices in architecture, deployment, and operations.
• Security Compliance & Testing:
  Lead ongoing compliance assessments and internal audits and provide reporting at client and business unit levels.
• Client‑Facing Advisory:
  Act as a subject‑matter expert and advisor on security and risk management, supporting pre‑sales engagements, Monthly Service Reviews (MSRs), and Quarterly Business Reviews (QBRs).
• Cross‑Functional Engagement:
  Partner with Architecture, Dev Ops, SAP, and AI teams to ensure that security is built‑in, not bolted on.
• Security Awareness & Culture:
  Promote a strong security culture through internal guidance, awareness campaigns, and training.
• Continuous Learning and Development:
  Stay updated on the latest cloud security trends, technologies, and regulatory changes. Participate in ongoing professional development and certification.
• Promote automation:
  Work with our Security Engineers to ensure that our controls are applied and governed through automated means wherever possible.

• No direct line management, but strong influence across Architecture, Product, Operations, and Customer Success teams.
• May lead virtual security working groups and mentor staff in security‑related responsibilities

• Security Governance & Frameworks:
  Deep knowledge of ISO 27001, NIST, CIS, CSA CCM, SOC2 and secure development lifecycle principles.
• Cloud Security:
  Strong understanding of cloud‑native security across AWS, Azure, and GCP.
• SAP & AI Security:
  Awareness of security requirements for SAP on Cloud and modern AI/ML platforms.
• Data Security & Governance:
  Experience with data classification models, data loss prevention (DLP), encryption, and compliance frameworks (e.g., GDPR, HIPAA, CCPA).
• Risk & Compliance:
  Ability to lead risk assessments, develop mitigation strategies, and map controls to compliance standards.
• Communication & Influence:
  Strong skills in translating technical controls into business language and influencing at all organisational levels.
• Documentation & Reporting:
  Skilled in producing comprehensive policy documents, compliance reports, and security dashboards.

• Designing, implementing and evolving comprehensive security frameworks (e.g., LSF)

• Knowledge of AWS, Azure, GCP security capabilities and governance

• Ability to manage data classification, protection, retention, and privacy

• Deep expertise in managing IAM policies, roles, and access controls

• Ability to assess, report and drive remediation of risks across cloud and operations