Roletitle: Information Security Manager

Reportsto: Head of Operational Resilience

Location: Hub Location

Hoursofwork: Full time, with 3 days per week in the office

SMCR Function: Conduct

Purpose of role

Information Security Manager you will define and drive the information security strategy across our financial services business. You will lead a growing team of security professionals to safeguard customer data, ensure compliance with regulatory frameworks, and build a culture of security awareness throughout the organisation. Your strategic vision and hands-on expertise will protect critical systems and support business growth.

Key Responsibilities

• Develop and maintain the enterprise information security strategy aligned with business goals

• Lead the implementation and oversight of a 3rd party managed Security Operations Centre (SOC) ensuring effective integration.

• Baseline and conduct regular reviews with an incoming 3rd party managed SOC and the security tools in the Cloud environment (Defender and Sentinel)
• Oversee security architecture, vulnerability management, incident response, and threat intelligence

• Lead security risk assessments and manage remediation plans for identified gaps

• Ensure compliance with financial regulations (e.g. GDPR, PCI DSS, SOX, FCA requirements)

• Establish and enforce security policies, standards, and procedures

• Report security posture, incidents, and key metrics to senior leadership and the board

• Drive security awareness and training programmes for all employees

• Manage relationships with external auditors, regulators, and security vendors

• Mentor, hire, and retain high-performing information security talent

Experience / Skills Required

• Managing security for cloud-first environments specifically Microsoft Azure

• Implementing Security Operations Centres (SOC) and automated security monitoring

• Collaborate with the third-party risk management and vendor security programmes

• Experience with DevSecOps practices and secure software development lifecycle (SDLC)

• Proven leadership experience in information security within financial services

• Deep understanding of regulatory and compliance requirements for banking and finance

• Strong track record of designing and implementing security frameworks (ISO 27001, NIST)

• Hands-on experience with SIEM, DLP, IAM, and endpoint security technologies, specifically Microsoft Defender XDR, Purview and Sentinel

• Excellent risk assessment and incident management skills

• Outstanding communication skills with the ability to influence stakeholders at all levels

• Strategic mindset with the capability to balance security controls and business agility

SM&CR Responsibilities

As an FCA regulated Company, Ascot Lloyd are required to adhere to the Senior Managers and Certification Regime (SM&CR), to develop a culture where employees take personal responsibility for their own actions.

Individual Conduct Rules

1. You must act with integrity
2. You must act with due care, skill and diligence
3. You must be open and co-operative with the FCA, PRA and other regulators
4. You must pay due regard to the interests of customers and treat them fairly
5. You must observe proper standards of market conduct
6. You must act to deliver good outcomes for clients