Information Security Manager

Cornerstone
Enables seamless digital infrastructure by designing, building & deploying shared telecom sites.
Lead ISMS implementation and ISO 27001 compliance, managing cyber risk and security culture.
2 days ago
Expert & Leadership (13+ years)
Full Time
Theale, England, United Kingdom
Office Full-Time
Company Size
300 Employees
Service Specialisms
Mobile and Digital Infrastructure
Infrastructure as a Service
Coverage as a Service
Site Acquisition
Design
Planning
Deployment
Maintenance
Sector Specialisms
Industrial
Energy
Infrastructure
Buildings
Residential
Commercial
Water Resources
Heavy Civil
Role
What you would be doing
security tools
iso certification
incident response
risk management
secure development
supplier assurance

As Cornerstone’s Information Security Manager, you will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS), ensuring alignment with ISO 27001:2022. You will be responsible for safeguarding our digital infrastructure, managing cyber risk, and embedding a security-first culture across the organisation.

This is a strategic and hands-on role, requiring collaboration across IT, legal, procurement, and operational teams. You will act as the primary point of contact for all matters related to information assurance, supplier security assurance, incident response, and regulatory compliance.

  • Technology Oversight: Evaluate and implement security tools and technologies. Collaborate with IT Operations and infrastructure teams to embed security into system design and operations.
  • Coordinate ISO 27001 certification audits and maintain ongoing compliance on behalf of the IT & Digital function. Actively support and contribute to health and safety, environmental sustainability, business continuity, and information security initiatives, ensuring we meet our obligations to customers and regulatory standards.
  • Cyber Awareness Programme: Champion a culture of security awareness through training, phishing simulations, and internal communications, ensuring staff compliance with mandatory cyber training.
  • Compliance & Certification: Ensure ongoing compliance with GDPR, ISO standards, and other regulatory frameworks. Lead surveillance audits and certification renewals.
  • Incident Response: Lead the response to security incidents, including forensic analysis, reporting, and remediation. Coordinate with law enforcement and external partners where necessary.
  • Risk Management: Identify, evaluate, and mitigate information security risks across systems, suppliers, and processes. Maintain visibility over key cyber risks and report to senior leadership.
  • Collaborate closely with IT SecOps team members to ensure security controls remain effective. Where gaps are identified, implement appropriate mitigation measures and lead the response to security incidents in a timely and coordinated manner.
  • ISMS Leadership: Own and maintain the ISMS, ensuring it meets ISO 27001:2022 requirements and supports business objectives.
  • Policy & Governance: Draft, review, and enforce security policies and procedures. Chair or support governance forums such as the ISMS Review and Information Security Steering Group.
  • Supplier Assurance: Conduct security reviews and audits of third-party vendors. Ensure compliance with Cornerstone’s security policies and contractual obligations.
  • Secure Development: Ensure that security considerations are embedded throughout the project lifecycle, from initial design through to deployment and ongoing maintenance.
  • Leadership and professional judgement are central to the position. The postholder will lead regular internal and customer-orientated security governance meetings, oversee cross-departmental initiatives, and foster a culture of security awareness throughout Cornerstone. The role also involves close collaboration with the IT Security Operations team, contributing to continuous improvement, and supporting Cornerstone's ongoing security and compliance maturity.
What you bring
cofense
qualys vmdr
azure
iso 27001
vulnerability management
stakeholder management
  • Familiarity with Cofense phishing simulation tool, ISMS Online, Qualys VMDR
  • Experience with supplier assurance, penetration testing, and vulnerability management.
  • The role requires strong proficiency in vulnerability management, coordinating penetration testing, supplier security assurance, and incident response. A thorough understanding of legal and procedural obligations relating to data protection and information governance is essential.
  • Excellent communication and stakeholder management skills are required, with the ability to articulate technical risks in a clear and business-focused manner. Analytical and problem-solving skills are critical to effectively identify vulnerabilities, assess risks, and deliver appropriate mitigation strategies in collaboration with internal and external stakeholders.
  • Proven experience managing an enterprise ISMS and leading ISO 27001 audits.
  • Strong understanding of cyber threats, cloud security (Azure, M365), and regulatory compliance.
  • They will have a comprehensive understanding of cyber threats, cloud security, particularly within Azure and Microsoft 365 environments, and key regulatory and compliance frameworks, including GDPR and ISO 27001. Experience with security and compliance tools such as ISMS Online, Qualys VMDR, and Cofense phishing simulation would be highly advantageous.
  • Ability to work independently and influence cross-functional teams.
  • Excellent stakeholder engagement and communication skills.
  • The successful candidate will possess substantial experience in managing and maintaining an enterprise Information Security Management System (ISMS), with a demonstrable track record of leading and supporting external ISO 27001 audits and implementing and managing robust security frameworks.
  • Suitable candidates are likely to have prior experience in roles such as Information Security Manager, Security Lead, or Senior Security Analyst, ideally within ISO 27001-certified or similarly regulated environments.
Benefits
  • 30 days holiday
  • Competitive salary and an excellent bonus structure
  • Hybrid working
  • Life insurance
  • Competitive pension scheme
  • Cycle to Work
  • Competitive refer a friend scheme
  • Private Healthcare Insurance
  • Retail Discount
Training + Development
Information not given or found
Company
Overview
15k+ Sites
UK telecom infrastructure
Built over 15,700 telecom sites across the UK, providing essential connectivity solutions.
£120M Revenue
Annual financial power
Generates over £120 million annually, reinforcing the UK's digital infrastructure backbone.
Five ISO Certifications
Quality & safety excellence
Achieved five ISO certifications in a single year, showcasing commitment to quality and safety standards.
  • Specialising in mobile & digital infrastructure, power provisioning, site acquisition, planning, deployment and ongoing maintenance.
  • As a neutral-host TowerCo, supports multiple operators on shared sites for improved efficiency and connectivity.
  • Client roll call includes Vodafone, Telefónica, and local authorities, delivering 4G/5G upgrades in diverse locations like festivals, stadiums, and hospitals.
  • Pioneered a UK-first shared-host trial with Vodafone, Vantage Towers, and a leading university, exploring innovative connectivity models.
Culture + Values
  • We Do What We Say
  • We Are Overly Prepared
  • Good is the Enemy of Great
  • We Are Process Driven
  • Honor Our Families
Environment + Sustainability
Net-Zero by 2050
Carbon Emissions Target
Aim to achieve net-zero carbon emissions by 2050, aligning with the Net Zero Standard.
Carbon Reduction Plans
UK Government Standards
Produced carbon reduction plans adhering to UK Cabinet Office PPN 06/21 standards.
  • Certified to ISO 14001 environmental management standard
  • Participant in UN Global Compact and supporter of UN SDGs
  • Committed to reducing waste-management costs and protecting the environment
  • Optimised website to render static images client‑side, reducing hosting power usage
Inclusion & Diversity