Information Security Manager

We are looking for a cybersecurity subject matter expert to provide technical advice to internal staff on cybersecurity best practices, risk management, and incident management.

This hands-on role focuses on governance, risk, and compliance, including developing and updating security policies, delivering training, and providing clear, practical security guidance across TwinStream.

You will work independently, driving day-to-day security activities and helping build a strong security culture, while enabling teams to deliver securely.

Key Responsibilities

• Provide technical information security expertise to projects, services, and business initiatives, including developing or contributing to Security Management Plans

• Manage information security incidents and security risks across the organisation

• Own and maintain the Information Security Management System (ISMS), including creating and updating policies, procedures, and guidance

• Ensure adherence to information security policies and standards

• Drive a programme of continuous information security improvement

• Embed and promote a positive security culture across the business

• Ensure compliance with relevant certifications and regulatory requirements, including ISO 27001, Cyber Essentials Plus, UK GDPR/Data Protection Act, and MOD CSM v3 and v4

• Assist with security audits (internal, external, customer, and penetration testing), managing evidence collection and tracking findings through to resolution

• Design and deliver information security training and awareness activities

• Contribute to Business Continuity, Disaster Recovery, and internal audit activities

• Act as the primary point of contact for information security across TwinStream

• Proven experience in an Information Security Manager or similar role, including security incident management, risk management, security governance, and providing practical information security guidance

• Experience embedding information security into the design, development, and delivery of software-based solutions, including secure development practices, cloud services, and integrated platforms

• Previous experience in a software development or defence environment

• Understanding of recognised information security frameworks and certifications, particularly ISO 27001 and Cyber Essentials Plus

• Good knowledge of relevant UK legislation and regulatory requirements

• Comfortable working remotely (within the UK) in a flexible, fast-paced environment

• Strong organisational skills with the ability to manage priorities effectively

• Excellent written and verbal communication skills, with the ability to tailor messaging for different audiences

• Relevant professional certifications such as CISSP (highly desirable), CISM, or ISO 27001 Lead Implementer/Auditor

• Ability and willingness to undergo UK Security Clearance (minimum SC level)

Desired Skills

• Experience in information security roles within the UK defence sector, national security sector, or other highly regulated industries

• Existing UK Security Clearance (SC)

• Familiarity with MOD security frameworks, including CSM v3 and v4, IPSA, and FSC

• Experience using the Atlassian suite, particularly Jira

• Demonstrated experience in managing security incidents and leading incident response teams.

• Ability to present and be the focal point for security matters across the business.

• Experience in supporting the security controller role in various security frameworks.

• Understanding of insider threat operational and governance requirements, and experience in applying them.

• Competitive salary and benefits package

• 28 days' holiday plus bank holidays, with the option to buy or sell an additional week

• Annual bonus

• 8% non-contributory pension

• Private healthcare and life insurance

• Enhanced parental leave

• Flexible working

• Opportunities for learning, development, and career progression

• Supportive and inclusive team environment

• The chance to work on meaningful projects

Diversity & Inclusion

We're committed to building a diverse and inclusive workplace. We welcome applications from people of all backgrounds, experiences, and identities.

If you need any adjustments during the recruitment process, please let us know-we're here to support you

In 2019, the founders were working as engineers solving complex cross-domain problems within government organisations. TwinStream was formed to bring together their collective expertise and experience into a single business, focused on delivering technical excellence and high-quality service to clients. Since then, the company has grown to over 100 team members across the UK, with colleagues working both on-site with clients, hybrid and remotely from home., To meet the security requirements of certain clients and industries we serve, any job offer will be contingent upon the successful completion of a security screening process.