Information Security Manager (Cyber Security Business Partner)

Overview
Information Security Manager / Cyber Security Business Partner (CSBP) plays a vital role in aligning cyber security initiatives with the organisation's strategic and operational goals. This role serves as a key interface between business units and the cyber security function, delivering risk-based guidance, promoting a strong security culture, and enabling security innovation. This role does not manage a team.

Key Accountabilities
Cyber Security Partnership and Advisory: Act as the security point of contact for UK business units, align cyber security goals with business priorities, provide guidance on secure-by-design principles during project planning, procurement, and solution development, build relationships across technical and non-technical stakeholders to promote security best practices, and continuously improve the information security posture through proactive measures, monitoring, and reporting.
Customer Cyber Assurance and Regulatory Compliance: Lead and manage customer cyber security assurance activities, including due diligence and technical assurance engagements; support the development and maintenance of materials evidencing the organisation’s cyber maturity and compliance posture; liaise with internal audit and risk functions to ensure cyber and information security controls align with FCA expectations and industry standards.
External Audit and Certification Support: Lead preparation and support for external audits (ISO 27001, Cyber Essentials, Cyber Essentials Plus, customer and regulatory assessments); collaborate with compliance, risk, and IT teams to ensure audit readiness and implement improvements.
Cloud Security and Technology Risk: Provide expertise on cloud security controls (identity and access management, encryption, logging, secure configuration) across AWS and Azure; ensure secure adoption of cloud-native services in line with recognised frameworks (CIS Benchmarks, NIST, OWASP).
Risk Management and Governance: Identify and assess cyber risks within business processes and technology environments; support risk mitigation planning, tracking, and reporting in line with enterprise risk frameworks.
Awareness, Culture and Reporting: Contribute to cyber security awareness and education initiatives; promote a culture of shared accountability for security and resilience; produce and maintain reporting information as required.

Skills and Experience
Required:
5+ years’ experience in a cyber security, risk, or assurance role with strong stakeholder-facing exposure
Demonstrable experience with customer cyber assurance activities
External audit preparation, including ISO 27001, Cyber Essentials Plus
Proficient in cloud security (AWS, Azure, or GCP), including security control implementation and risk assessment
Working knowledge of NIST, ISO 27001, FCA Handbook (SYSC), and relevant NCSC guidance
Excellent verbal and written communication skills, with the ability to engage effectively at all business levels

Desirable:
Background in financial services or regulated industries
Experience in third-party/vendor risk assessment and assurance
Relevant cyber security or IT degree level education
ISO 27001 Lead Implementer / Auditor
CISSP, CISM, CRISC
AWS/Azure security certifications

Additional Information
To be conducted as part of post-offer employment checks: personal data may be shared with external bodies as part of fraud prevention and identity verification. By applying, you consent to processing of your recruitment data in accordance with applicable data protection laws and the employer privacy notice.

Job Details
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: Information Services, Financial Services, IT Services and IT .....