Information Security Manager

We are recruiting an Information Security Manager who will be a key member of the Healix Risk Department. You will be working across Healix International Group to manage all areas of data & information security compliance including the oversight and management of the firm's control framework relating to these speciality areas.

As the Information Security Manager you will design, implement and maintain the Information Security Management System (ISMS) in accordance with ISO 27001, Cyber Essentials Plus, SOC 2 and other relevant standards. In a travel risk management environment this role is critical for safeguarding sensitive traveller data, real-time location tracking and the operational systems that support crisis response and duty of care obligations for clients worldwide.

In addition, you will support the firm's governance and its responses to RFPs, address areas of risk and support plans to treat those risks, including the compilation of business continuity plans (BCPs). You will work very closely with colleagues in IT to enhance the technology and control frameworks for information security compliance and protection against cyber threats.

Key Responsibilities:

  • Lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line with ISO 27001 and other regulatory standards.
  • Assess security posture, identify vulnerabilities, and develop mitigation strategies to manage enterprise-wide information security risks.
  • Maintain and enhance the organisation's risk register and heat map, ensuring risks are scored, tracked, and treated effectively.
  • Oversee the implementation and management of security systems including firewalls, encryption, and data protection controls.
  • Investigate and respond to security incidents, policy breaches, and regulatory findings.
  • Collaborate with internal teams to close audit actions and ensure documentation meets compliance standards.
  • Engage external experts when necessary and monitor the effectiveness of their services.

Policy & Training:

  • Develop and maintain global information security and cyber policies.
  • Deliver engaging training and awareness programmes to foster a strong security culture.
  • Promote a positive risk and compliance mindset across the organisation.
  • Ensure lessons from audits, incidents, and inspections are embedded into practice.

Incident & Breach Management:

  • Lead the response to cyber and information security incidents, including investigation, containment, and escalation.
  • Maintain and test business continuity and disaster recovery plans.
  • Coordinate incident response efforts across IT, operations, and client-facing teams.

Risk & Control Management:

  • Identify and manage risks related to mobile travel apps, tracking systems, and third-party data processors.
  • Develop risk treatment plans and support the implementation of appropriate controls.
  • Work closely with Governance and Data Protection teams to ensure alignment.

Vendor & System Assurance:

  • Conduct third-party security assessments and manage security clauses in supplier contracts and SLAs.
  • Oversee penetration testing and vulnerability scanning of core systems, including client portals and emergency response platforms.

People Management:

  • Lead and mentor a team of Analysts, ensuring high-quality output and continuous development.
  • Create and support individual training and development plans.

Requirements:

  • Professional certifications such as CISM, CISSP, or ISO 27001 Lead Implementer/Auditor (or equivalent).
  • Hands-on experience with ISO 27001:2022, Cyber Essentials Plus, and enterprise risk management.
  • Strong background in information security governance, compliance, and risk assessment.
  • Experience in travel risk, security, or medical assistance sectors is a plus.
  • Excellent communication skills - both written and verbal - with the ability to influence and educate.
  • A proactive, solution-focused approach with strong problem-solving skills.
  • High attention to detail and a customer-centric mindset.
  • Comfortable working in a fast-paced, dynamic environment.
  • Committed to continuous personal and professional development.

Healix is an equal opportunities employer and welcomes applications from all qualified candidates. We are committed to helping our people build and develop successful careers.

Location: Esher, England, United Kingdom
Salary: £150,000 - £200,000
Job Type: Full Time
Category: IT & Technology