Information Security Manager (Cyber Security Business Partner)

Overview

The Information Security Manager / Cyber Security Business Partner (CSBP) plays a vital role in ensuring the alignment of cyber security initiatives with the strategic and operational goals of the organisation. This role serves as a key interface between business units and the cyber security function, delivering risk-based guidance, promoting a strong security culture, and enabling security innovation. You will have experience managing customer cyber assurance activities, supporting external audits (ISO 27001, Cyber Essentials Plus), and maintaining regulatory compliance, particularly with FCA cyber-related controls. Proficiency in cloud security controls and translating cyber risk into business context are essential. This role does not manage a team.

Key Accountabilities

  • Cyber Security Partnership & Advisory: Act as the security point of contact for UK business units, aligning cyber security goals with business priorities; provide guidance on secure-by-design principles during project planning, procurement, and solution development; build strong relationships across technical and non-technical stakeholders; ensure continuous improvement of the business information security posture through proactive security measures, monitoring, and reporting.
  • Customer Cyber Assurance & Regulatory Compliance: Lead and manage customer cyber security assurance activities, including due diligence and technical assurance engagements; support development and maintenance of materials evidencing cyber maturity and compliance; liaise with internal audit and risk to align controls with FCA expectations and industry standards.
  • External Audit & Certification Support: Lead preparation and support for external audits (ISO 27001, Cyber Essentials / Cyber Essentials Plus, customer and regulatory assessments); collaborate to ensure audit readiness and improvements.
  • Cloud Security & Technology Risk: Provide expertise on cloud security controls across AWS and Azure; ensure secure adoption of cloud-native services in line with CIS, NIST, OWASP.
  • Risk Management & Governance: Identify and assess cyber risks within business processes and tech environments; support risk mitigation planning, tracking, and reporting.
  • Awareness, Culture & Reporting: Contribute to cyber security awareness and education; promote shared accountability; produce and maintain reporting information as required.

Skills & Experience

Required

  • 5+ years' experience in a cyber security, risk, or assurance role with strong stakeholder-facing exposure.
  • Demonstrable experience with customer cyber assurance activities.
  • External audit preparation experience, including ISO 27001 and Cyber Essentials Plus.
  • Proficient in cloud security (AWS, Azure, or GCP) including security control implementation and risk assessment.
  • Working knowledge of NIST, ISO 27001, FCA Handbook (SYSC), and relevant NCSC guidance.
  • Excellent verbal and written communication skills with the ability to engage at all business levels.

Desirable

  • Background in financial services or regulated industries.
  • Experience in third-party/vendor risk assessment and assurance.
  • Relevant degree-level education in cyber security or IT.
  • ISO 27001 Lead Implementer / Auditor.
  • CISSP, CISM, CRISC.
  • AWS/Azure security certifications.

Notes

As part of post-offer employment checks, personal information may be shared with Cifas for fraud prevention and identity verification. Further information can be found in our privacy notice and GDPR compliance disclosures as provided by the employer. By applying, you consent to processing of your personal data in accordance with UK GDPR and the Data Protection Act 2018.

Location: Leeds, England, United Kingdom
Salary: £125,000 - £150,000
Job Type: Full Time
Category: IT & Technology
