
ISMS & Data Protection Manager

Nationwide, BB7, UK

Company: CR3 RECRUITMENT

Job Type: Permanent, Full Time

Salary: £60,000 - £65,000 per annum

We are currently representing a growing international technology organisation that provides digital solutions and data-driven services to clients across multiple global markets. The company operates within a highly regulated environment and places a strong emphasis on information security, data protection, and regulatory compliance.

Due to continued growth, they are looking to appoint an ISMS & Data Protection Manager to maintain and evolve their established Information Security Management System (ISMS), ensuring continued compliance with ISO 27001:2022 and Cyber Essentials standards while protecting the confidentiality, integrity, and availability of business and customer data.

This is an excellent opportunity for an experienced information security professional to play a key role in strengthening security governance and shaping the future security strategy of a globally operating organisation.

Role Overview

The ISMS & Data Protection Manager will be responsible for maintaining, maturing, and continuously improving the organisation's established Information Security Management System (ISMS).

The role will ensure ongoing compliance with ISO 27001:2022 and Cyber Essentials certifications, while supporting the protection of sensitive company and customer data across global operations.

In addition to maintaining existing certifications, the successful candidate will help evaluate and develop the business case for additional security and privacy certifications or attestations to support regulatory compliance, customer trust, and continued market growth.

You will manage surveillance and recertification audits, drive ISMS maturity improvements, oversee risk and vulnerability management processes, lead security awareness initiatives, and coordinate incident response activities to strengthen the organisation's security posture and minimise business risk.

Key Responsibilities:

ISMS Governance & Maintenance

Maintain and continuously improve the organisation's ISO 27001:2022 certified ISMS across all operational regions.

Manage Cyber Essentials and Cyber Essentials Plus certification and renewal processes.

Coordinate ISO 27001 surveillance audits and recertification cycles.

Review and maintain information security policies, procedures, and control documentation.

Manage corrective and preventive action (CAPA) processes arising from audits and assessments.

Coordinate and conduct internal audit programmes to ensure control effectiveness.

Legal, Regulatory & Policy Liaison

Act as the operational liaison between the ISMS function and the Legal team.

Collaborate on the review and approval of information security and data protection policies.

Coordinate updates to the Statement of Applicability (SoA), risk treatment plans, and associated documentation.

Ensure ISMS controls support compliance with the UK GDPR, the EU GDPR, and relevant international data protection regulations.

Support responses to security-related contractual requirements, regulatory enquiries, and incident response obligations.

Risk & Compliance Management

Conduct regular risk assessments and treatment activities in line with ISO 27001 requirements.

Manage external certification audits and compliance assessments.

Oversee third-party and vendor security due diligence and supplier risk management processes.

Track and report on security metrics, KPIs, and control effectiveness to senior leadership.

Maintain the Statement of Applicability (SoA) and risk treatment plans.

Support the completion and maintenance of Data Protection Impact Assessments (DPIAs).

Security Operations & Improvement

Oversee vulnerability management programmes, including identification, prioritisation, and remediation.

Lead incident response planning, coordination, and post-incident review activities.

Work closely with IT teams to ensure secure systems architecture and operational practices.

Drive ongoing ISMS maturity improvements based on audit outcomes and industry best practice.

Coordinate business continuity and disaster recovery planning.

Evaluate and recommend security tools and technologies to enhance the organisation's security posture.

Awareness, Training & Security Culture

Design and deliver global security awareness and data protection training programmes.

Develop role-based security training tailored to different business functions.

Promote a security-first culture through communication, engagement, and education initiatives.

Monitor training completion rates and programme effectiveness.

Continuous Improvement & Strategy

Stay current with emerging security threats, technologies, and regulatory changes.

Monitor updates to ISO 27001, Cyber Essentials, and relevant compliance frameworks.

Identify opportunities to strengthen the organisation's security posture.

Support security-related initiatives and projects across the business.

Evaluate and develop the business case for additional security and privacy certifications where appropriate.

Requirements:

4-5+ years' experience managing or maintaining an ISMS framework, ideally within a technology or SaaS environment.

Proven experience managing ISO 27001 surveillance audits and recertification cycles.

Hands-on experience with Cyber Essentials or Cyber Essentials Plus certification processes.

Experience conducting risk assessments, internal audits, and compliance gap analysis.

Knowledge of vulnerability management and incident response processes.

Experience working with multi-regional regulatory or compliance frameworks.

Benefits:

Salary of up to £65,000

Opportunity to shape and develop the information security framework of a growing global organisation

Collaborative and forward-thinking working environment

Flexible / remote working

Competitive benefits package