Information Security Manager

Birmingham, Solihull (Hybrid)

Full time

Competitive Salary + Aligned company benefits

Overview

About us

At Serco, we unite the right people, technology, and partners to solve some of the world's most pressing and complex challenges. From defence and space to healthcare, justice, transport and beyond, our UK operations deliver critical services across government sectors-driven by expertise in service design, programme management, engineering, and more.

About the role

As an Information Security Manager, you'll play a vital role in safeguarding data and ensuring compliance across one or more key contracts. Taking full operational ownership of information security management processes, you'll lead the delivery and maintenance of ISO27001 certification or alignment, and work closely with contract Data Protection Champions (DPCs) and senior leaders to uphold data protection legislation.

In addition to your technical responsibilities, you will act as a key business unit contact point, fostering strong working relationships across the wider organisation. You'll be a critical communication link between operational teams and the contract management function, so the ability to communicate effectively, confidently, and clearly with both technical and non-technical stakeholders is essential. We're looking for someone who is approachable, personable, and can positively represent the Information Security function across all levels of the business.

You'll also provide strategic direction and functional leadership to DPCs, helping embed a strong culture of security and compliance. In addition, you'll take the lead on managing and investigating any information security or data protection incidents within your contracts, ensuring risks are swiftly addressed and lessons learned.

Key Accountabilities

• Lead Information Security Operations across multiple sites, covering risk management, incident response, assurance activities, and the implementation of ISO27001 and Government security controls.
• Provide strategic guidance on data protection and GDPR/DPA 2018 compliance, offering functional leadership to Data Protection Champions and acting as a key advisor across contracts.
• Support secure project delivery, advising on technical and physical security requirements, assurance needs, and the application of relevant policies and best practices, including HMG standards.
• Coordinate and manage security forums and assurance activities, including penetration tests, documentation reviews, and stakeholder engagement to build trust and ensure ongoing compliance.
• Lead external audit and assurance engagements, supporting the scoping, interpretation, and response to IT Security Health Checks and implementing remedial actions where necessary.
• Maintain and review security frameworks, conducting gap analyses, developing action plans, and ensuring alignment with ISO27001 and organisational policies.
• Promote a culture of security and compliance, managing security incidents, maintaining accurate documentation, and driving awareness of information security and data protection responsibilities.

Skills & Experience

• Proven expertise as an ISO27001 Lead Implementer and/or Lead Auditor, with hands-on experience maintaining certification and conducting internal audits.
• Strong knowledge of data protection legislation (GDPR/DPA 2018) and privacy frameworks, ideally supported by relevant certifications (e.g. CIPP/E, CIPM).
• In-depth risk management experience, including identifying, assessing, and mitigating information security risks across complex environments.
• Demonstrated ability to lead incident response activities, including investigation, containment, and implementing preventative measures.
• Skilled in delivering security assurance through engagement with external audit providers, coordinating pen-tests, and interpreting test results.
• Ability to translate security and data protection requirements into practical advice for projects, ensuring alignment with HMG policy, business needs, and technical constraints.

Why Serco

Serco's purpose is to impact a better future - we bring together the right people, the right technology, and the right partners to create innovative solutions that deliver positive impact and address some of the most urgent and complex challenges facing governments globally. Our services are powered by more than 50,000 colleagues working across multiple sectors including defence, space, migration, justice, healthcare, transport, and customer services in four regions: UK & Europe, North America, Asia Pacific, and the Middle East.

In this position, your work is vital to the business, in terms of decisions and growth. You will gain a world of opportunity working for a globally operating business delivering essential services across 5 vital sectors, personal growth, achievement, and development won't be hard to find. You'll also work with great people. You'll find yourself working in a highly motivated, supportive environment where no two days are the same, with experienced colleagues who strive for excellence.

What we offer

• 25 days annual leave plus bank holidays.
• Annual leave purchase scheme.
• Up to 6% contributory pension scheme
• Flexible working options.
• Free onsite parking.
• Serco discounts which include cinema, merlin entertainment and online shopping discounts, and discounts on mobile phone plans and leisure centre memberships.
• A range of benefits to support the health and wellbeing of you and your family such as Employee Assistance Programme, Health Cash Plans, free flu jabs and more.
• A wealth of career development training to suit your future aspirations. These range from role specific training, leadership coaching, formal study and much more to support you to build your career with Serco.
• A safe and supportive culture.
• A company passionate about diversity and inclusion