
ISMS & Data Protection Manager

Remote / Online - Candidates ideally in
Bristol, Bristol County, BS1, England, UK
Listing for: CR3 Recruitment
Remote/Work from Home position
Listed on 2026-03-14
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 65000 GBP Yearly
Job Description & How to Apply Below

Overview

We are currently representing a growing international technology organisation that provides digital solutions and data-driven services to clients across multiple global markets. The company operates within a highly regulated environment and places a strong emphasis on information security, data protection, and regulatory compliance.

Due to continued growth, they are looking to appoint an ISMS & Data Protection Manager to maintain and evolve their established Information Security Management System (ISMS), ensuring continued compliance with ISO 27001:2022 and Cyber Essentials standards while protecting the confidentiality, integrity, and availability of business and customer data.

This is an excellent opportunity for an experienced information security professional to play a key role in strengthening security governance and shaping the future security strategy of a globally operating organisation.

Responsibilities
  • ISMS Governance & Maintenance
    Maintain and continuously improve the organisation's ISO 27001:2022 certified ISMS across all operational regions.
  • Cyber Essentials
    Manage Cyber Essentials and Cyber Essentials Plus certification and renewal processes.
  • Audit Coordination
    Coordinate ISO 27001 surveillance audits and recertification cycles.
  • Policy & Documentation
    Review and maintain information security policies, procedures, and control documentation.
  • CAPA
    Manage corrective and preventive action (CAPA) processes arising from audits and assessments.
  • Internal Audits
    Coordinate and conduct internal audit programmes to ensure control effectiveness.
  • Liaison
    Act as the operational liaison between the ISMS function and the Legal team.
  • Policy Collaboration
    Collaborate on the review and approval of information security and data protection policies.
  • SoA & Risk
    Coordinate updates to the Statement of Applicability (SoA), risk treatment plans, and associated documentation.
  • Data Protection
    Ensure ISMS controls support compliance with UK GDPR, GDPR, and relevant international data protection regulations.
  • Regulatory Responses
    Support responses to security-related contractual requirements, regulatory enquiries, and incident response obligations.
  • Risk & Compliance
    Conduct regular risk assessments and treatment activities in line with ISO 27001 requirements.
  • Certification & Compliance
    Manage external certification audits and compliance assessments.
  • Vendor Security
    Oversee third-party and vendor security due diligence and supplier risk management processes.
  • Metrics
    Track and report on security metrics, KPIs, and control effectiveness to senior leadership.
  • SoA & DPIAs
    Maintain the Statement of Applicability (SoA) and risk treatment plans. Support the completion and maintenance of Data Protection Impact Assessments (DPIAs).
  • Security Operations
    Oversee vulnerability management programmes, including identification, prioritisation, and remediation.
  • Incident Response
    Lead incident response planning, coordination, and post-incident review activities.
  • Secure Architecture
    Work closely with IT teams to ensure secure systems architecture and operational practices.
  • ISMS Maturity
    Drive ongoing ISMS maturity improvements based on audit outcomes and industry best practice.
  • BCP/DR
    Coordinate business continuity and disaster recovery planning.
  • Technology Evaluation
    Evaluate and recommend security tools and technologies to enhance the organisation's security posture.
  • Awareness & Culture
    Design and deliver global security awareness and data protection training programmes. Develop role-based security training tailored to different business functions. Promote a security-first culture through communication, engagement, and education initiatives. Monitor training completion rates and programme effectiveness.
  • Strategy & Improvement
    Stay current with emerging security threats, technologies, and regulatory changes. Monitor updates to ISO 27001, Cyber Essentials, and relevant compliance frameworks. Identify opportunities to strengthen the organisation's security posture. Support security-related initiatives and projects across the business. Evaluate and develop the business case for additional security and privacy certifications where appropriate.
Requirements
  • 4-5+ years' experience managing or maintaining an ISMS framework, ideally within a technology or SaaS environment.
  • Proven experience managing ISO 27001 surveillance audits and recertification cycles.
  • Hands-on experience with Cyber Essentials or Cyber Essentials Plus certification processes.
  • Experience conducting risk assessments, internal audits, and compliance gap analysis.
  • Knowledge of vulnerability management and incident response processes.
  • Experience working with multi-regional regulatory or compliance frameworks.
Benefits
  • Salary of £65,000
  • Opportunity to shape and develop the information security framework of a growing global organisation
  • Collaborative and forward-thinking working environment
  • Flexible / remote working
  • Competitive benefits package