Information Security Manager (ISM) – United Kingdom of Great Britain and Northern Ireland 7 views

Title: Information Security Manager (ISM)

Location: Remote, with a requirement to work from our modern Haywards Heath office approximately once per month

Contract: Permanent

Salary: Salary: £45,405 to £53,418 depending on experience, with scope for discussion at interview

About the role

In this role, you will lead Sightsavers’ information security function, ensuring our systems, services and data are protected from evolving cyber threats. You will drive the development and delivery of our information security strategy, working closely with teams across the organisation to strengthen controls and embed secure ways of working. This will include overseeing key areas such as vulnerability management, patching and compliance activities, as well as identifying and assessing risks and supporting colleagues to put effective, practical safeguards in place. Acting as the organisation’s subject matter expert, you will play a central role in managing audits, supporting incident response and ensuring we meet key security standards, while continuously improving our overall security approach.

Responsibilities

• Lead the development and delivery of Sightsavers information security strategy, ensuring it aligns with organisational priorities
• Oversee key security controls, including patching, vulnerability management and change control processes
• Identify and assess information security risks across the organisation, supporting teams to implement practical solutions
• Provide expert advice and guidance on information security controls to protect systems, services and data
• Act as the organisation’s subject matter expert for audits, reviews and security assurance activities
• Maintain compliance with key standards and certifications, including Cyber Essentials and PCI-DSS
• Lead or support the investigation of security incidents, ensuring lessons learned are captured and acted upon
• Provide guidance on information governance, including data access, classification and retention practices
• Monitor emerging cyber threats, trends and regulatory requirements, recommending improvements where needed
• Promote awareness of information security across the organisation, encouraging good practice and secure behaviours
• Build strong relationships with internal teams, suppliers and external partners to embed security into day-to-day operations
• Support continuous improvement of security processes, ensuring controls remain effective and fit for purpose

This is a highly varied and involved role and the above is not an exhaustive list of duties or required professional skills. Please see the Job Description for full details.

Jobholder Requirements

Essential:

• Strong experience working in information security, cyber risk or security governance within a complex organisation
• A recognised professional certification such as CISSP, CISM or ISO 27001 (or equivalent experience)
• Solid understanding of security standards and compliance frameworks, including PCI-DSS
• Experience applying security principles in a practical, real-world environment
• Confident working with both technical and non-technical stakeholders
• Strong communication skills, with the ability to translate complex information into clear, practical guidance
• Highly organised, with strong attention to detail and the ability to manage competing priorities
• Experience working within an outsourced or multi-supplier environment

Desirable:

• Good technical understanding of IT infrastructure and security technologies
• Ability to explain technical risks and concepts to a range of audiences across the organisation
• Experience supporting audits, compliance frameworks or certification processes
• An interest in staying up to date with emerging threats, trends and best practice in information security