Senior Manager Information Security

Senior Security Information Manager

Location:
Hybrid – UK (Remote with travel to data centres in Norway and other European sites as required)

Reports To:
Head of Information Security

Department:
Security, Compliance & Risk

Role Overview

We are seeking a Senior Security Information Manager to work closely with the Head of Information Security in building and managing an end-to-end security framework across physical, technical, and organizational domains. This is a
hands-on, execution-focused role
in a complex environment spanning hyperscale GPU clusters, critical infrastructure, and compliance programs including SOC 2 Type II, ISO 27001/17/18, Cyber Essentials Plus, ISO 22301, and ISO 22237.

The role involves supporting certification, audit readiness, incident response, and driving operational maturity across multiple sites and systems. UK government security clearance up to DV is required.

Key Responsibilities

Governance, Risk & Compliance

• Support delivery and maintenance of ISO 27001, ISO 27017/27018, SOC 2 Type II, Cyber Essentials Plus, and ISO 22301 frameworks.
• Maintain the Information Security Management System (ISMS), risk register, and control evidence for audits.
• Manage third-party risk, ensuring supplier compliance and onboarding reviews.
• Develop and track KPIs/KRIs for security operations and compliance health.

Operational Security

• Oversee vulnerability management, endpoint detection, and security incident workflows in partnership with internal teams or MSSPs.
• Support incident detection, triage, investigation, and root-cause analysis.
• Own operational runbooks for containment, eradication, and recovery procedures.
• Review access control, privileged-user logs, and infrastructure security baselines.
• Maintain asset inventory, patch cadence, and configuration compliance across servers, workstations, and Kubernetes workloads.

Physical & Data Centre Security

• Support the physical security program at all data centres, ensuring alignment with ISO 27001 Annex A.11 and ISO 22237.
• Maintain visitor management and access audit trails, assisting with incident reviews and compliance documentation.

Awareness & Culture

• Support security awareness and phishing simulation programs.
• Develop clear communications and training materials to reinforce security accountability across teams.

Continuous Improvement

• Contribute to architecture reviews, change-control boards, and project assessments.
• Identify and implement automation opportunities to reduce manual compliance and reporting overhead.
• Track and report on control effectiveness, audit findings, and remediation progress to senior leadership.

Experience & Skills

Essential

• 5+ years in information or physical security management within data centre, cloud, or MSP environments.
• Active CISSP certification.
• Deep familiarity with ISO 27001, SOC 2, NIST CSF, and Cyber Essentials Plus frameworks.
• Experience leading or supporting audits and external assessments.
• Strong understanding of incident response, vulnerability management, and access control processes.
• Excellent documentation, communication, and stakeholder management skills.
• Hands-on with GRC tooling.

Desirable

• Experience with hyperscale GPU clusters, HPC architectures, or AI-focused data-centre environments.
• Experience implementing SOC 2 Type II evidence automation and continuous-compliance tooling.
• Knowledge of EU data-sovereignty requirements (GDPR, EUCS, NIS2, DORA) for multi-site HPC operations.
• Kubernetes security experience, including admission controllers, network policies, and container hardening.
• Familiarity with physical security technologies: access control, CCTV, SIAM, alarms, and sensors.
• Experience with enterprise security platforms (Darktrace, Tenable, Exabeam, Thales CipherTrust).
• Scripting/automation skills (Python, Bash, PowerShell).
• Knowledge of supply-chain and contractor security in data-centre environments.
• Experience supporting incident response in complex hybrid cloud/on-prem environments.
• Additional certifications: CISM, ISO 27001 Lead Auditor, CEH, GIAC (GCIA, GCED, GCIH), CCSP.

Personal Attributes

• Calm, structured, and decisive under pressure.
• Pragmatic and collaborative, bridging technical teams, compliance partners, and auditors.
• High attention to detail with the ability to prioritize effectively.
• Strong sense of integrity, confidentiality, and accountability.