This Job position is no longer available
Information Security Manager
10 Days Old
This range is provided by Context Recruitment. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range
Central London
A well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You’ll be joining at a critical time as the organisation expands its technical capability, with ambitious growth plans and multiple acquisitions planned over the coming years.
The Information Security Manager will play a pivotal role in both the technical cyber security environment and the wider information security and data governance framework for the business. This includes ownership of the entire data lifecycle, from ingestion to delivery, ensuring accuracy, security, compliance and enabling confident, data-driven decision-making.
This role is responsible for ensuring robust cyber security controls, with a strong emphasis on ISO 27001 readiness and accreditation. You will liaise with assessors and internal teams, drive ISO-related strategies and ensure certification plans stay on track. In addition, you will develop and implement the company’s data governance strategy, ensure GDPR compliance and define policies and procedures for data quality, access and usage.
Responsibilities:
- Oversee the development and maintenance of the Information Security Management System (ISMS)
- Own and maintain all security-related and data governance policies, implementing Security by Design
- Oversee the full data lifecycle, ensuring integrity, quality and compliance from source to end client
- Ensure compliance with GDPR, NIS2 and other data protection regulations
- Define and enforce scalable and secure data and analytics architecture
- Collaborate across IT, Operations, Marketing and Compliance to integrate and secure data sources
- Conduct risk assessments, threat modelling and recommend actionable improvements
- Work with data custodians to ensure information assets are stored correctly and in compliance with standards
- Process Data Subject Access Requests (DSARs) and supplier assurance questionnaires (SAQs/PQQs)
- Manage relationships with third-party suppliers for audits, forensic analysis, penetration testing and compliance checks
- Deliver data security and cyber awareness training across the business
Requirements:
- Experience with ISO 27001 (implementation, maintenance and accreditation) is essential
- Strong technical background in cyber security, data governance and related technologies
- Proven track record in designing and implementing governance frameworks and policies
- Experience with GDPR compliance, data protection and regulatory standards
- Knowledge of Microsoft Purview, VARONIS (or similar tools), advanced Excel, Power BI and master data management
- Familiarity with security assessment frameworks (threat modelling, controls assessment, risk assessment)
- Relevant qualifications such as CISSP, CISM, CDMP, CDGP, or CIPP/E are highly advantageous
Based in Central London, with 4 days per week onsite initially, dropping to 3 once probation is passed.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Construction, Civil Engineering, and Engineering Services
- Location: England, United Kingdom
- Salary: £125,000 - £150,000
- Job Type: Full-time
- Category: IT & Technology