Information Security Manager

Information Security Manager

Location: Central Bristol
Job Type: Full-time, Hybrid (2 days per week in-office)
Salary: 60,000 - 70,000 + Benefits

We are recruiting an Information Security Manager to lead the operational and strategic security programme for a respected organisation headquartered in central Bristol. This hybrid role offers the opportunity to shape the company's approach to information risk and resilience, while managing a skilled internal team and driving alignment with industry standards and best practice.

Reporting to the Head of Security & Governance, the successful candidate will play a central role in delivering risk reduction across the business. You'll be responsible for maintaining ISO27001 compliance, overseeing risk assessment and mitigation, and supporting incident management across multi-entity operations.

• Lead and manage a team of three security professionals, supporting their development and day-to-day delivery.
• Ensure ongoing ISO27001 accreditation and alignment with broader assurance frameworks (e.g. NIST CSF, Cyber Essentials).
• Shape and implement the company's information security strategy, including policy, tooling, and training.
• Conduct risk assessments, oversee remediation plans, and guide secure-by-design approaches across projects.
• Provide technical leadership in areas including threat intelligence, compliance reporting, and incident response.
• Support regulatory and internal audits, contributing clear documentation and continuous improvement.
• Collaborate with internal teams and external partners, including service providers and the organisation's parent company.

• Demonstrable experience in information security leadership, including line management or team leadership.
• In-depth knowledge of ISO27001, GDPR, FCA SYSC, PCI DSS and other regulatory/compliance frameworks.
• Hands-on experience with security technologies: SIEM, IAM, vulnerability assessment, endpoint protection, cloud services (AWS, SaaS, IaaS).
• Strong communication skills and stakeholder management abilities.
• Experience in incident response and enterprise risk reporting.
• Professional certifications such as CISSP or ISO27001 Lead Implementer/Auditor (desirable).

• Hybrid working (2 days per week in-office)
• Generous annual leave & pension contributions
• Life assurance and private health options
• Training budget and career development support
• Collaborative, supportive team culture

If you're ready to lead a team, shape an enterprise-wide security programme, and work at the heart of a well-established organisation, we'd love to hear from you.

Apply today - successful applicants will be contacted within 24-48 working hours.