Information Security Manager
£70,000 - £75,000 PA
Central London

A well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You’ll be joining at a critical time as the organisation expands its technical capability, with ambitious growth plans and multiple acquisitions planned over the coming years.

The Information Security Manager will play a pivotal role in both the technical cyber security environment and the wider information security and data governance framework for the business. This includes ownership of the entire data lifecycle, from ingestion to delivery, ensuring accuracy, security, compliance and enabling confident, data-driven decision-making.

This role is responsible for ensuring robust cyber security controls, with a strong emphasis on ISO 27001 readiness and accreditation. You will liaise with assessors and internal teams, drive ISO-related strategies and ensure certification plans stay on track.

In addition, you will develop and implement the company’s data governance strategy, ensure GDPR compliance and define policies and procedures for data quality, access and usage.

Responsibilities:
- Oversee the development and maintenance of the Information Security Management System (ISMS)
- Own and maintain all security-related and data governance policies, implementing Security by Design
- Oversee the full data lifecycle, ensuring integrity, quality and compliance from source to end client
- Ensure compliance with GDPR, NIS2 and other data protection regulations
- Define and enforce scalable and secure data and analytics architecture
- Collaborate across IT, Operations, Marketing and Compliance to integrate and secure data sources
- Conduct risk assessments, threat modelling and recommend actionable improvements
- Work with data custodians to ensure information assets are stored correctly and in compliance with standards
- Process Data Subject Access Requests (DSARs) and supplier assurance questionnaires (SAQs/PQQs)
- Manage relationships with third-party suppliers for audits, forensic analysis, penetration testing and compliance checks
- Deliver data security and cyber awareness training across the business

Requirements:
- Experience with ISO 27001 (implementation, maintenance and accreditation) is essential
- Strong technical background in cyber security, data governance and related technologies
- Proven track record in designing and implementing governance frameworks and policies
- Experience with GDPR compliance, data protection and regulatory standards
- Knowledge of Microsoft Purview, VARONIS (or similar tools), advanced Excel, Power BI and master data management
- Familiarity with security assessment frameworks (threat modelling, controls assessment, risk assessment)
- Relevant qualifications such as CISSP, CISM, CDMP, CDGP, or CIPP/E are highly advantageous

Based in Central London, with 4 days per week onsite initially, dropping to 3 once probation is passed.