Information Security Manager

Job Description

A highly regarded professional services firm based in London is looking for an experienced Information Security Manager to take a central role in shaping its security agenda and protecting the firm’s information assets.

The opportunity

This is a genuinely influential position. Sitting within a busy Technology function and reporting to a senior member of the information security team, you’ll carry delegated authority across risk treatment, policy decisions and operational controls. You’ll advise senior leadership, present to key committees, and represent the firm externally with clients and at industry events. It’s a role with real scope to make a lasting impact.

What you’ll be doing

You’ll take ownership of the firm’s ISO 27001 ISMS — managing the risk register, driving audit and compliance activity, overseeing vendor risk, and keeping policies current. You’ll lead on client security assurance, support incident response and business continuity programmes, and deliver awareness initiatives across the business. AI risk governance features prominently too, with the firm keen to adopt new technologies responsibly. You’ll also manage and develop a small team.

What we’re looking for

You’ll need 3+ years in an information security management role within a legal or professional services environment, with a solid track record managing an ISMS end-to-end. A recognised professional qualification (CISM, CISSP or ISO 27001 Lead Implementer/Auditor) is required. Equally important is the ability to communicate clearly with senior stakeholders, build trusted relationships across the business, and translate complex technical matters into plain language.

Experience integrating security into the SDLC and budget management experience are useful but not essential.