Information Security Manager
Job description
We are seeking an Information Security Manager to shape how our information security is built into a new environment from the outset, rather than retrofitted later. Whilst good progress has already been made in our cyber security and information governance provision across the organisation, this exciting, new role will take the next step in managing and developing a more structured, consistent, and visible approach, seeking to embed good practice and build confidence.
This is not a purely technical or policy-focused role. It will be responsible for ensuring our systems and information are safe, resilient, and used responsibly, helping our teams make secure choices in their day-to-day work, and educating staff to understand what this means in practice. The role will be integral to ensuring everything we do, and deliver, is secure by default and will take a practical, solutions-focused approach to risk, helping teams move forward with confidence and building a positive security culture across the organisation.
This is a key role at an important point for the organisation. It will make a tangible impact across the work of Phyllis Tuckwell, both clinically and operationally.
The role will operate under the strategic direction of the Director of IT, Estates and Digital Transformation, while acting as the organisation's recognised subject matter expert in cyber security and information security. They will be the trusted authority in this area, supporting teams across the organisation and providing credible assurance to senior leaders.
- Leading our approach to cyber security, risk management, and incident response
- Developing and improving our information security management system, aligned to standards such as Cyber Essentials Plus and NHS DSPT
- Identifying and managing risks across systems, processes, and suppliers
- Supporting teams to understand and apply good security practice in real-world situations
- Leading response to any cyber or data-related incidents, ensuring an appropriate and prompt response with a learning mindset
- Working with senior colleagues, including the SIRO and Caldicott Guardian, to provide assurance and oversight
- Building awareness and confidence across the organisation through training and engagement
- Ensuring security is built into new systems, projects, and supplier relationships from the outset
- Develop and deliver engaging information security training and awareness campaigns
- Promote a positive, non-blame culture where people feel confident to report incidents or concerns
- Provide practical advice that helps teams make secure choices in day-to-day work
- Act as a visible and approachable subject matter expert across the organisation
Requirements
Candidates should possess a balanced skillset across technical cyber security and governance, risk, and compliance (GRC) combined with the ability to translate this into clear, organisation-wide governance and assurance. They will be comfortable with detail, whilst also providing proportionate, practical oversight at an organisational level. They should demonstrate:
- Strong technical grounding in cyber security including networks, endpoints, identity, vulnerabilities, and incident response
- Experience in applying that knowledge to real world risk management, not just theoretical controls
- Good understanding of governance, assurance, and security frameworks such as Cyber Essentials Plus, ISO 27001, and NHS DSPT
- Ability to move comfortably between technical detail and clear, plain-English communication for non-technical audiences
- Experience in providing assurance to senior stakeholders such as risk reporting, audit, or governance forums
- An enabling, solutions-focused approach with the ability to balance risk with the need to get things done
- Strong focus on behaviour and culture, not just controls and policy
- Able to challenge constructively while helping teams find workable solutions
- Comfortable influencing across teams and building trusted relationships
Relevant qualifications or certifications such as CISSP, CISM, or Security+ are helpful.
Whilst a hospice background is not required, applicants should understand the importance of working in a people-focused, regulated environment.
Benefits & conditions
Excellent Benefits
· Six weeks paid holiday plus public holidays
· Phyllis Tuckwell Group Personal Pension Plan (matched contributions up to 7.5%)
· Health Cash Plan Scheme
· Employee Assistance Programme
· Staff Benefit Scheme
· Blue Light Discount Card
Excellent Career Development
- Leadership Development
- Skill Development, Project-Based Learning and Diverse training courses
- Apprenticeships
- Coaching
- Cross Departmental Projects
A Great Place to Work
· Equal Opportunities employer
· Flexible working
· Supportive colleagues
· 97% of our staff are proud to work for Phyllis Tuckwell*
Job Types: Full-time, Permanent
Pay: £55,000.00 per year
Benefits:
- Bereavement leave
- Canteen
- Company pension
- Enhanced maternity leave
- Free flu jabs
- Free parking
- Health & wellbeing programme
- Life insurance
- On-site parking
- Referral programme
- Sick pay
- Work from home