Information Security Manager
Job description
We are pleased to partner with a leading firm in Newcastle, who are seeking an experienced Information Security Manager to join their team. This role will have a strong focus on audit, reporting into senior leadership, and offers the chance to shape and drive the information security agenda in a growing business.

- Lead and coordinate security assessments, audits and compliance reviews, particularly aligned to the ISO 27001 and Cyber Essentials Plus frameworks, and manage physical and IT security collaborations with facility teams.
- Develop and maintain the information security strategy and related policies, plans and processes.
- Monitor, analyse and respond to changes in the IT and information security landscape; provide timely guidance on emerging threats and vulnerabilities.
- Ensure organisational compliance with relevant legislation, standards and internal policies (e.g., GDPR, sector-specific regulation).
- Drive risk-based decision-making and ensure that security solutions and controls are aligned with the firm's risk appetite and business objectives.
- Deliver presentations and reports to senior leadership and key stakeholders as the designated subject matter expert in information security.

At Core-Asset, we're committed to protecting and respecting your privacy. Our privacy statement explains when and why we collect personal information about people who engage with our services, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. We may change this policy from time to time, so please check this policy occasionally to ensure that you're happy with any changes.
Requirements
Do you have experience in process improvement?

- Experience in an information security management role, preferably within financial services but not essential.
- Strong familiarity with information security frameworks and standards (e.g., ISO/IEC 27001:2022) and experience leading audits and compliance programmes.
- Excellent ability to engage with business stakeholders, translate business goals into security requirements and embed security into business processes.
- Robust understanding of legislative and regulatory requirements (e.g., GDPR, sector-specific regulation) and ability to embed policy, standards and governance.
- Experience in developing and implementing information security strategies, policies and controls across corporate IT, physical security and business operations.
- Strong risk management mindset: able to assess security risks, propose controls balanced with business imperatives, and articulate these to senior management.