Information Security Officer

Job Description

The Information Security Manager is responsible for establishing, implementing, and maintaining the organisation’s information security framework. This role ensures the confidentiality, integrity, and availability of company and client data by managing security policies, risk assessments, compliance requirements, and incident response activities.

The role requires close collaboration with engineering, architecture, and delivery teams to ensure security is embedded into system design, development and deployment of mission-critical systems, particularly for large-scale public sector, revenue, identity, and data-driven platforms.

Responsibilities

• Develop, implement, and maintain information security policies, procedures, and standards in line with industry best practices (e.g., ISO 27001, NIST).
• Identify, assess, and manage information security risks across systems, applications, and infrastructure.
• Monitor security controls and conduct regular vulnerability assessments and audits.
• Act as the primary security contact for regulators, auditors, and client security reviews and ensure compliance with relevant and contractual requirements (e.g., ISO 27001, client security requirements).
• Support and continuously improve incident response, breach management, and post-incident review processes, including executive reporting and client communication.
• Improve and test business continuity and disaster recovery strategies for critical systems.
• Ensure resilience, monitoring, logging, and alerting are appropriately implemented for high-availability platforms.
• Collaborate with Technology, Admin, HR, DPO and business teams to embed security-by-design principles.
• Review and provide recommendations on system architectures to ensure secure design across applications, APIs, infrastructure, and data flows.
• Support the implementation of secure development lifecycle (SDLC) practices across engineering teams.
• Provide security guidance for cloud, on-premise, and hybrid deployments.
• Oversee user access management, data protection controls, and secure handling of sensitive information.
• Conduct and support security risk assessments and threat modelling for platforms and client engagements.
• Support proposal writing and technical responses where security posture is a key evaluation criterion.
• Conduct security awareness training for employees and promote a strong security culture.
• Manage third-party and vendor security assessments.
• Prepare security reports, risk registers, and metrics for management review.
• Support internal and external audits related to information security.