Information Security Manager

Overview

In 2019, our founders were working as engineers solving complex cross-domain problems within government organisations. TwinStream was formed to consolidate their collective expertise and experience into one business, providing technical excellence and exceptional service to their clients. We have teams working both on-site with clients and remotely from home.

Information Security Manager

Location: Remote

Security Clearance: Eligible for SC/DV clearance

About the role

We're looking for a hands-on, mid-to-senior Information Security practitioner who enjoys getting involved in the practical aspects of security. This role is about delivery-updating and writing policies, delivering training, and providing clear, pragmatic security advice across TwinStream.

You'll work independently, owning day-to-day information security activities without line management responsibilities. While we may occasionally bring in specialist support, you'll be trusted to drive the work forward.

This role focuses on governance, risk, and compliance rather than IT operations. You won't be configuring systems or running security tools-our IT teams handle that-allowing you to focus on enabling secure delivery and building a positive security culture.

Key Responsibilities

• Manage information security incidents and security risks across the organisation
• Own and maintain the Information Security Management System (ISMS), including creating and updating policies, procedures, and guidance
• Ensure adherence to information security policies and standards
• Drive a programme of continuous information security improvement
• Embed and promote a positive security culture across the business
• Ensure compliance with relevant certifications and regulatory requirements, including ISO 27001, Cyber Essentials Plus, UK GDPR/Data Protection Act, and MOD CSM v3 and v4
• Plan and coordinate security audits (internal, external, customer, and penetration testing), managing evidence collection and tracking findings through to resolution
• Provide information security expertise to projects, services, and business initiatives, including developing or contributing to Security Management Plans
• Design and deliver information security training and awareness activities
• Contribute to Business Continuity, Disaster Recovery, and internal audit activities
• Act as the primary point of contact for information security across TwinStream

Key Skills

• Proven experience in an Information Security Manager or similar role, including security incident management, risk management, security governance, and providing practical information security guidance
• Experience embedding information security into the design, development, and delivery of software-based solutions, including secure development practices, cloud services, and integrated platforms
• Strong understanding of recognised information security frameworks and certifications, particularly ISO 27001 and Cyber Essentials Plus
• Good knowledge of relevant UK legislation and regulatory requirements
• Comfortable working remotely (within the UK) in a flexible, fast-paced environment
• Strong organisational skills with the ability to manage priorities effectively
• Excellent written and verbal communication skills, with the ability to tailor messaging for different audiences
• Relevant professional certifications such as CISSP (highly desirable), CISM, or ISO 27001 Lead Implementer/Auditor
• Ability and willingness to undergo UK Security Clearance (minimum SC level)

Desired Skills

• Experience in information security roles within the UK defence sector, national security sector, or other highly regulated industries
• Existing UK Security Clearance (SC)
• Familiarity with MOD security frameworks, including CSM v3 and v4, IPSA, and FSC
• Experience using the Atlassian suite, particularly Jira
• Demonstrated experience in managing security incidents and leading incident response teams
• Ability to present and be the focal point for security matters across the business
• Experience in supporting the security controller role in various security frameworks
• Understanding of insider threat operational and governance requirements, and experience in applying them

Benefits

• Pension Plan - Secure your future with our competitive pension plan that offers an 8% employer contribution.
• Private Medical Healthcare - Your health and well-being are our top priorities. Includes dental and optical care for you and your family.
• Learning and Development - Your career is in your hands. We empower you to take charge of your own development, giving you autonomy to shape your growth.
• Flexible Working - We understand the importance of balancing work and life. Flexibility is part of our culture.
• Electric Vehicle Scheme - Electric vehicle leasing through a salary sacrifice program.
• Holidays - 28 days of annual leave, plus bank holidays.
• Team Events - Quarterly meetings, Christmas and summer parties, and opportunities to connect as a team.
• Additional Benefits - Life assurance and a cycle-to-work scheme.

Further Information

To meet the security requirements of certain clients and industries we serve, any job offer will be contingent upon the successful completion of a security screening process.

At TwinStream, we take pride in being an equal opportunity employer. We celebrate diversity and are committed to fostering an inclusive environment where all individuals are valued and respected. We welcome applications from qualified candidates regardless of race, religion, disability, age, sexual orientation, or gender.

Note

This description retains the essential information from the original job posting while removing unrelated boilerplate content.