Information Security Manager (Cyber Security Business Partner)The Information Security Manager / Cyber Security Business Partner (CSBP) plays a vital role in ensuring the alignment of cyber security initiatives with the strategic and operational goals of the organisation. This role serves as a key interface between business units and the cyber security function, delivering risk-based guidance, promoting a strong security culture, and enabling security innovation. You will have experience managing customer cyber assurance activities, supporting external audits (e.g., ISO 27001, Cyber Essentials Plus), and maintaining regulatory compliance, particularly with Financial Conduct Authority (FCA) cyber-related controls. Proficiency in cloud security controls and an ability to translate cyber risk into business context are essential. This role does not manage a team.

Key Accountabilities

Cyber Security Partnership and Advisory: Act as the security point of contact for UK business units, aligning cyber security goals with business priorities

Provide guidance on secure-by-design principles during project planning, procurement, and solution development

Build strong relationships across technical and non-technical stakeholders to promote security best practices

Ensure that the business’ information security posture is continuously improved through proactive security measures, monitoring, and reporting

Customer Cyber Assurance and Regulatory Compliance: Lead and manage customer cyber security assurance activities, including due diligence and technical assurance engagements

Support the development and maintenance of materials that evidence the organisation’s cyber maturity and compliance posture

Liaise with internal audit and risk functions to ensure cyber and information security controls align with FCA expectations and industry standards

External Audit and Certification Support: Lead preparation and support for external audits, including ISO 27001, Cyber Essentials and Cyber Essentials Plus, customer and regulatory assessments; collaborate with compliance, risk, and IT teams to ensure audit readiness and implement improvements

Cloud Security and Technology Risk: Provide expertise on cloud security controls (identity and access management, encryption, logging, secure configuration) across AWS and Azure; ensure secure adoption of cloud-native services in accordance with recognised frameworks (e.g., CIS Benchmarks, NIST, OWASP)

Risk Management and Governance: Identify and assess cyber risks within business processes and technology environments; support risk mitigation planning, tracking, and reporting in line with enterprise risk frameworks

Awareness, Culture and Reporting: Contribute to cyber security awareness and education initiatives; promote a culture of shared accountability for security and resilience; produce and maintain reporting information as required

Skills and ExperienceRequired

5+ years’ experience in a cyber security, risk, or assurance role, with strong stakeholder-facing exposure

Demonstrable experience with customer cyber assurance activities

External audit preparation, including ISO 27001, Cyber Essentials Plus

Proficient in cloud security (AWS, Azure, or GCP), including security control implementation and risk assessment

Working knowledge of NIST, ISO 27001, FCA Handbook (SYSC), and relevant NCSC guidance

Excellent verbal and written communication skills, with the ability to engage effectively at all business levels

Desirable

Background in financial services or regulated industries

Experience in third-party/vendor risk assessment and assurance

Relevant Cyber Security or IT degree level education

ISO 27001 Lead Implementer / Auditor

CISSP, CISM, CRISC

AWS/Azure security certifications

Notes: To be conducted as part of post offer employment checks. The personal information we have collected from you will be shared with Cifas to prevent fraud and other improper conduct. Further details on how your information will be used can be found at the privacy notice. By applying for this role, you consent to us processing your personal data in accordance with UK GDPR and the Data Protection Act 2018.

#J-18808-Ljbffr