Information Security Manager
Basingstoke, with flexibility to work from home 1-2 days a week
InstaVolt Head Office – Chineham Business Park, Basingstoke
InstaVolt is the largest owner-operator of rapid electric vehicle charging stations across the UK. In this important role, you will work closely with our international IT team to lead the organisation’s cybersecurity and information risk agenda, including oversight of ISO 27001 and broader security governance across the business.
We are looking for a highly skilled and experienced Information Security Manager to join our team. In this role, you will be responsible for supporting the design, implementation, and ongoing management of our Information Security Management System (ISMS) in accordance with ISO 27001:2022 and our automated assurance framework. You will collaborate closely with internal teams to ensure the company complies with industry standards, regulatory requirements, and best practices for cyber risk management and compliance.
You should also be confident in coordinating technical security assurance activities, including supplier due diligence, security architecture oversight, incident remediation, SOC alert triage and management, and hardening of security tools. These actions ensure the confidentiality, integrity, and availability of our information assets while protecting them from unauthorised access or disclosure. This position offers a unique opportunity to work with diverse teams and optimise our systems to support our Governance, Risk, and Compliance (GRC) objectives.
£55,000 – £65,000, depending on experience.
Responsibilities:
- Maintain the Information Security Management System (ISMS) in compliance with ISO 27001:2022 standards (70% focus).
- Establish, maintain, and enforce comprehensive security policies, procedures, and technical controls to mitigate information security risks and vulnerabilities.
- Conduct regular risk and vulnerability assessments to identify potential threats and weaknesses in our information security posture.
- Oversee the triage, investigation, and response to Security Operations Centre (SOC) alerts, ensuring timely remediation and escalation of incidents where required.
- Collaborate with internal stakeholders to ensure that security requirements are integrated into business processes and systems.
- Lead internal audits and coordinate external audits and certifications to assess ISMS effectiveness and drive continuous improvement.
- Define and enforce information security policies, standards, and guidelines across the organisation.
- Monitor and enforce compliance with all information security policies, procedures, and standards.
- Manage and govern tabletop/red team exercises and maintain incident response playbooks.
- Lead and support security incident investigations, managing root-cause analysis and corrective actions.
- Provide guidance and support to employees on information security matters and promote a culture of security awareness throughout the organisation.
- Stay up to date on the latest information security trends, threats, and best practices, and make recommendations to enhance the organisation’s security posture.
- Conduct technical security due diligence on new suppliers, platforms, and software, including security architecture reviews and compliance verification (e.g., ISO 27001, SOC 2, penetration test results) (30% focus).
- Collaborate with procurement, legal, and product teams to embed security requirements in onboarding and contract processes.
- Prepare and deliver reports on security metrics, incidents, SOC findings, and compliance outcomes to senior management and stakeholders.
Required Qualifications & Desirable Characteristics:
- Professional certifications in information security, such as CISSP, CISM, ISO 27001 Lead Auditor/Implementer, or equivalent.
- Extensive experience (7+ years) in information security management, with a primary focus on ISO 27001 compliance, security operations, and incident management.
- Hands-on experience managing or integrating with a Security Operations Centre (SOC), including alert triage, threat containment, and root-cause analysis.
- Deep understanding of ISO 27001 standards and best practices, as well as other frameworks (e.g., NIST, NIS2).
- Proven experience in developing and implementing security policies, procedures, and controls.
- Familiarity with risk assessment methodologies and tools.
- Strong technical understanding of modern IT and cloud environments, including governance of third-party platforms and suppliers for security risks.
- Excellent communication and interpersonal skills, with confidence to collaborate at all organisational levels.
- Strong analytical and problem-solving abilities.
- Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
- High integrity and commitment to maintaining confidentiality.
Other benefits include:
- Competitive salary – dependent on experience & qualifications
- 10% discretionary annual bonus
- Company sick pay (30 days full pay & 30 days half pay per annum)
- Access for you & your family to join our Help@Hand virtual private healthcare app
- 25 days holiday + Bank Holidays
- 1 paid volunteering day per year
- 1 paid day off if you are moving house
- Life insurance at 3 x annual salary from day 1
- Admission to pension scheme following successful 3-month employment
- Ongoing training in career building avenues, including study support
- Opportunity to enrol onto our salary sacrifice EV scheme
- Cycle to work scheme
- Access to PerkPal platform
- Quarterly company events
- Free snacks & drinks in the office
- Free office parking
- Free shuttle bus to/from Basingstoke Train Station
One last thing… We’re an equal opportunity employer. We are committed to equality and diversity, and all applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, or disability status.