TwinStream is looking for a hands-on Information Security Manager to own our governance, risk, and compliance (GRC) programme. This mid-to-senior role involves managing our Information Security Management System (ISMS), ensuring policy adherence, and promoting a positive security culture across the business.
What You'll Do
- Manage information security incidents and security risks across the organisation.
- Own and maintain the Information Security Management System (ISMS), including creating and updating policies, procedures, and guidance.
- Ensure adherence to information security policies and standards.
- Drive a programme of continuous information security improvement.
- Embed and promote a positive security culture across the business.
- Ensure compliance with relevant certifications and regulatory requirements, including ISO 27001, Cyber Essentials Plus, UK GDPR/Data Protection Act, and MOD CSM v3 and v4.
- Plan and coordinate security audits (internal, external, customer, and penetration testing), managing evidence collection and tracking findings through to resolution.
- Provide information security expertise to projects, services, and business initiatives, including developing or contributing to Security Management Plans.
- Design and deliver information security training and awareness activities.
- Contribute to Business Continuity, Disaster Recovery, and internal audit activities.
- Act as the primary point of contact for information security across TwinStream.
What We're Looking For
- Proven experience in an Information Security Manager or similar role, including security incident management, risk management, security governance, and providing practical information security guidance.
- Experience embedding information security into the design, development, and delivery of software-based solutions, including secure development practices, cloud services, and integrated platforms.
- Strong understanding of recognised information security frameworks and certifications, particularly ISO 27001 and Cyber Essentials Plus.
- Good knowledge of relevant UK legislation and regulatory requirements.
- Comfortable working remotely (within the UK) in a flexible, fast-paced environment.
- Strong organisational skills with the ability to manage priorities effectively.
- Excellent written and verbal communication skills, with the ability to tailor messaging for different audiences.
- Ability and willingness to undergo UK Security Clearance (minimum SC level).
Nice to Have
- Relevant professional certifications such as CISSP (highly desirable), CISM, or ISO 27001 Lead Implementer/Auditor.
- Experience in information security roles within the UK defence sector, national security sector, or other highly regulated industries.
- Existing UK Security Clearance (SC).
- Familiarity with MOD security frameworks, including CSM v3 and v4, IPSA, and FSC.
- Experience using the Atlassian suite, particularly Jira.
- Demonstrated experience in managing security incidents and leading incident response teams.
- Ability to present and be the focal point for security matters across the business.
- Experience in supporting the security controller role in various security frameworks.
- Understanding of insider threat operational and governance requirements, and experience in applying them.
Team & Environment
You will work independently, owning day-to-day information security activities without line management responsibilities.
Benefits & Compensation
- Compensation: £70,000 to £80,000
- Pension Plan with 8% employer contribution.
- Private Medical Healthcare including dental and optical care for you and your family.
- Learning and Development autonomy.
- Flexible Working culture.
- Electric Vehicle Scheme via salary sacrifice.
- 28 days annual leave plus bank holidays.
- Team Events including quarterly meetings, Christmas and summer parties.
- Life assurance.
- Cycle-to-work scheme.
Work Mode
This is a fully remote role open to candidates based within the UK.
At TwinStream, we celebrate diversity and are committed to fostering an inclusive environment where all individuals are valued and respected.