Information Security Manager

Information Security Manager (3 days/week, permanent pro-rata)

Location: Leeds-hybrid (on-site 1-2 day/week, typically Mon/Tue)

Reports to: VP, Information Security

Team: 5 in security (within a wider UK tech org of 25, multi-region)

We're looking for a hands-on InfoSec Manager to take pressure off the VP, shape the control environment, and keep the security operations and compliance moving at speed. You'll blend GRC and technical oversight, working closely with two security engineers (vuln scanning/IDS, external pen-test liaison) and two GRC specialists.

What you'll do

• Drive and extend ISO 27001 implementation/maintenance (UK certified; expanding to Madrid and Manila).
• Support SOC 2 Type 2 maintenance (already accredited)-expert level not required.
• Oversee SIEM operations with the tech team: ensure log ingestion/coverage, daily monitoring, and follow-up.
• Guide vulnerability management, alert triage (Alert Logic), and external pen-test cycles.
• Keep evidence flows tight: client questionnaires, audit responses, security awareness, and user access reviews.

About you

• Strong GRC grounding plus solid technical understanding (AWS-heavy environment).
• Comfortable being hands-on where needed; people management nice-to-have, not essential.
• ISO 27001 (implementation/assurance) experience; SOC 2 exposure helpful.
• SIEM familiarity and the ability to work with engineers on coverage, tuning, and use-cases.
• Stakeholder-savvy; calm under pressure; excellent written/verbal comms.

Benefits (pro-rata)

• Bonus / Health cover / Pension
• Hours: 9-5; hybrid with 1-2 day/week in Leeds