We’re looking for an experienced Information Security professional to help unify and mature security governance across a complex multi-entity organisation following a major merger within a Charity. London/Midlands based on a hybrid basis.
This isn’t a strategy-from-scratch role — the roadmap already exists. We need a hands-on, delivery-focused Player-Manager who can bring structure, clarity and momentum to Group-wide Information Security operations.
The role:
- Merging two existing ISMS frameworks into a single Group-wide model
- Driving ISO 27001, Cyber Essentials & CE+ compliance activity
- Coordinating audits, remediation and certification readiness
- Embedding practical security controls into day-to-day operations
- Managing risk registers, policies, corrective actions & incident response
- Working closely with IT, Architecture, Legal, Finance and senior stakeholders
- Supporting Security Forums, governance reporting and resilience planning
We're looking for:
- Strong experience in Information Security Governance, Risk & Compliance
- Deep knowledge of ISO 27001 (ideally 2022 version)
- Experience with audits, ISMS delivery and continuous improvement
- Excellent stakeholder management and communication skills
- Ability to influence across multiple entities and teams
- Experience aligning or merging ISMS frameworks highly desirable
- CISM and/or NIST exposure advantageous
The ideal candidate would be focused on execution, excellent stakeholder management and clear communication, with experience managing complexity across multiple entities. Prior experience merging ISMS frameworks would be a significant bonus.