Overview

Information Security Manager / Cyber Security Business Partner (CSBP) plays a vital role in aligning cyber security initiatives with the organisation's strategic and operational goals. This role serves as a key interface between business units and the cyber security function, delivering risk-based guidance, promoting a strong security culture, and enabling security innovation. This role does not manage a team.

Key Accountabilities

• Cyber Security Partnership & Advisory: Act as the security point of contact for UK business units, align cyber security goals with business priorities, provide guidance on secure-by-design principles during project planning, procurement, and solution development, build relationships across technical and non-technical stakeholders to promote security best practices, and continuously improve the information security posture through proactive measures, monitoring, and reporting.

• Customer Cyber Assurance & Regulatory Compliance: Lead and manage customer cyber security assurance activities, including due diligence and technical assurance engagements; support the development and maintenance of materials evidencing the organisation’s cyber maturity and compliance posture; liaise with internal audit and risk functions to ensure cyber and information security controls align with FCA expectations and industry standards.

• External Audit & Certification Support: Lead preparation and support for external audits (ISO 27001, Cyber Essentials, Cyber Essentials Plus, customer and regulatory assessments); collaborate with compliance, risk, and IT teams to ensure audit readiness and implement improvements.

• Cloud Security & Technology Risk: Provide expertise on cloud security controls (identity and access management, encryption, logging, secure configuration) across AWS and Azure; ensure secure adoption of cloud-native services in line with recognised frameworks (CIS Benchmarks, NIST, OWASP).

• Risk Management & Governance: Identify and assess cyber risks within business processes and technology environments; support risk mitigation planning, tracking, and reporting in line with enterprise risk frameworks.

• Awareness, Culture & Reporting: Contribute to cyber security awareness and education initiatives; promote a culture of shared accountability for security and resilience; produce and maintain reporting information as required.

Skills & Experience

Required:

• 5+ years’ experience in a cyber security, risk, or assurance role with strong stakeholder-facing exposure
• Demonstrable experience with customer cyber assurance activities
• External audit preparation, including ISO 27001, Cyber Essentials Plus
• Proficient in cloud security (AWS, Azure, or GCP), including security control implementation and risk assessment
• Working knowledge of NIST, ISO 27001, FCA Handbook (SYSC), and relevant NCSC guidance
• Excellent verbal and written communication skills, with the ability to engage effectively at all business levels

Desirable:

• Background in financial services or regulated industries
• Experience in third-party/vendor risk assessment and assurance
• Relevant cyber security or IT degree level education
• ISO 27001 Lead Implementer / Auditor
• CISSP, CISM, CRISC
• AWS/Azure security certifications

Additional Information

To be conducted as part of post-offer employment checks: personal data may be shared with external bodies as part of fraud prevention and identity verification. By applying, you consent to processing of your recruitment data in accordance with applicable data protection laws and the employer privacy notice.

Job Details

Seniority level: Not Applicable

Employment type: Full-time

Job function: Information Technology

Industries: Information Services, Financial Services, IT Services and IT Consulting