Role Description We are hiring for an Information Security Manager to manage our internal IT function reporting to the CFO, or such other person as the Company may appoint from time to time. Security Strategy & Compliance - Set up and drive the overall information security strategy. - Own the ISMS standards and their adoption, ensuring compliance with company and external requirements including SOC 2 and ISO 27001. - Organise and manage ISMS-related scheduled activities and drive continuous improvement of the ISMS. - Contribute to security architecture and design decisions. - Oversee security tooling such as EDR, SIEM, MFA, password managers, device management, and access review processes. Incident & Escalation Management - Act as the primary escalation point, during and outside business hours, for all major security-related incidents and events. - Coordinate and manage corrective actions and responses to security incidents. Governance, Risk & Audit - Own security documentation, including policies, standards, exceptions, risk registers, and control evidence. - Oversee the internal risk-assessment and audit programme, supporting internal and external audits, remediating findings, and tracking control improvements to closure. - Support vendor and supplier risk management, including due diligence, sub-processor oversight, and security assessments. - Own the access control process, validate and audit access across divisions and functions. - Provide management reporting on risk posture, incidents, audit status, metrics, service trends, and improvement plans. - Work with engineering, DevOps, HR, and customer-facing teams to embed controls into everyday processes. - Drive ongoing security governance improvements. Data Privacy - Address data privacy and data protection concerns, and manage responses to customer data privacy requests. - Act as Data Protection Officer (DPO) for the organisation if and as required. Policy, Awareness & Customer Assurance - Help enforce security policies, building adoption, embedding them in the company culture, and introducing regular checks on departmental compliance. - Own and deliver security awareness training and campaigns to strengthen the security culture. - Complete security-related sections of RFPs and customer questionnaires, build and maintain a security knowledge base, and provide assurance of the integrity, confidentiality, and availability of information owned, controlled, and processed by the organisation. - Attend meetings with customers and prospects to provide insights into how HICX implements security across the organization. Internal IT & Operations - Manage a small team of IT support admins providing internal IT support to HICX employees and contractors. - Act as the escalation point for complex IT issues, incidents, and problems requiring cross-team coordination. - Ensure IT support activities align with security controls, access management, and acceptable use requirements. - Oversee onboarding, offboarding, account lifecycle management, and device provisioning/deprovisioning. - Own and maintain standard operating procedures and the operations platform. - Help balance usability, cost, and security when selecting or renewing SaaS and IT tools. - Carry out other reasonable duties as required by the Company. Qualifications - Excellent track record of leading security audits; ISO 27001, SOC 2, Cyber Essentials Plus. - Proven experience in a senior information security leadership role (Head of Security, Information Security Manager, or similar), ideally within a SaaS or technology business. - Demonstrable experience building, operating, and maturing an ISMS, including achieving and maintaining SOC 2 and ISO 27001 certification. - Strong, hands-on knowledge of security tooling and controls; EDR, SIEM, MFA, identity and access management, device/endpoint management, and vulnerability management. - Solid understanding of cloud security (AWS, Azure, and Microsoft 365 admin suite). - Experience leading end-to-end security incident response, including out-of-hours management of major incidents. - Knowledge of UK GDPR/GDPR and global data protection laws, with experience acting as, or working closely with, a Data Protection Officer. - Experience of third-party, vendor, and supplier risk management, including due diligence and sub-processor oversight. - Experience completing customer security questionnaires and RFPs, maintaining a security knowledge base, and presenting security posture to customers and prospects. - Excellent communication skills, with the ability to translate technical risk into clear business language for technical and non-technical audiences, including executives and customers. - Strong leadership and people-management skills, with a track record of developing and motivating a small team. - Pragmatic, risk-based mindset that balances security with business enablement, usability, and cost. - Highly organised, self-motivated, and comfortable working autonomously within a fully remote, international team. - Collaborative and influential, able to embed a strong security culture across the whole organisation. - Relevant professional certification is desirable (e.g. CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor). - Experience managing internal IT operations and a small IT support team, onboarding/offboarding, account lifecycle, device provisioning, and SaaS administration is desirable. Benefits - Work from anywhere within the UK - we are a fully remote company. - Private health insurance. - Flexible PTO - We offer 25 days of paid holiday per year + England Bank Holidays. - We celebrate special occasions with you - like your birthday! Additional PTO for all employees during their birthdays. - Receive Competitive Pay - Our team makes sure to provide a highly competitive rate based on your skills and location. - Work with a diverse, international team.