Prevail Partners is seeking an experienced and technically capable Information Security Manager to help lead and grow our security function in a fast-paced and mission-driven organisation. While technically focused, this role offers significant opportunity to contribute to Prevail's strategic information security goals.
You will work closely with the Physical Security, Compliance and IT leads, as well as leaders across the business, to ensure our data, systems, infrastructure and people remain secure in dynamic and challenging environments. We are looking for a visible champion of information security with a proactive mindset, able to influence positive change at a senior level. Strong technical acumen and an ability to lead incident response and effectively manage risk are essential.
Key Responsibilities
Security Strategy & Governance
- Act as the company's lead advisor on cyber and information security, ensuring risks are identified, prioritised, and addressed with appropriate technical and procedural controls
- Shape and embed practical security governance aligned with real-world operational needs — integrating controls, risk assessments, and mitigation into core business activities
- Work with the Executive and project leadership to ensure security is represented in commercial proposals, assurance processes, and delivery planning
- Maintain strong relationships with relevant external stakeholders (e.g. NCSC, NPSA), monitoring threat intelligence and security guidance
Operational Security & Risk Management
- Lead the design, implementation, and monitoring of controls across endpoint security, identity and access management, and cloud infrastructure (e.g., AWS)
- Own and improve the incident response framework, including active participation in investigations, post-incident reviews, and business continuity planning
- Run regular tabletop exercises and scenario testing to ensure operational preparedness for cyber-attacks and disruptions
- Support secure architecture and infrastructure reviews across projects and services
Risk Management & Security Engineering
- Conduct and lead structured technical and procedural risk assessments, including threat modelling and security reviews for new projects or systems
- Collaborate with IT and engineering teams to identify, address, and continuously improve security control effectiveness
- Oversee the management of external security assessments and ensure remediation plans are executed effectively
- Maintain relevant security certifications such as Cyber Essentials / Plus and support the business in aligning with broader security frameworks (e.g., NIST CSF, CIS Controls)
Awareness & Security Culture
- Lead internal training, briefings and onboarding sessions to build awareness and support for secure behaviours across the organisation
- Act as a security advocate across teams, ensuring people understand their responsibilities and are equipped to play their part in reducing risk
- Collaborate with HR, IT, and project teams to identify emerging threats, implement detection mechanisms, and foster a strong security-first culture
Compliance & Governance
- Work in partnership with the Compliance Manager and DPO to ensure security measures support data protection obligations (e.g. UK GDPR)
- Maintain up-to-date records of security incidents, policies, and audit logs — ensuring documentation is meaningful and accessible
- Support leadership with security input into market entry, overseas operations, and client assurance processes
Requirements
- Able to achieve UK security clearance to SC level (resident in the UK for a minimum of 5 years)
- At least 5 years' experience in a technical security role, ideally within complex or high-risk operational environments
- Practical experience with cloud platforms (e.g. AWS, Azure), endpoint protection, IAM, vulnerability management, and SIEM/logging tools
- Strong understanding of cyber threats, insider risk, security engineering principles and network security
- Demonstrated experience managing the response to cyber incidents
- Familiar with automating tasks with Python or similar programming languages, as well as using SQL to query data at scale
- Knowledge of security frameworks such as NIST CSF, CIS Controls, and Cyber Essentials, with working knowledge of ISO 27001 beneficial but not essential
- Understanding of UK data protection law and its practical application within a security programme
- Security certifications (e.g. CISSP, CISM, CCSP, GIAC/SANS, AWS Security Specialty, or similar) are a plus
- Ability to build effective working relationships across technical and non-technical stakeholders
- Strong analytical, communication, and problem-solving skills
- Experience supporting secure delivery of technology platforms or sensitive services is highly desirable
Benefits
Us:
Prevail Partners delivers high quality intelligence, research and consultancy services to clients ranging from governments and multinational corporations to non-governmental organisations. These services are delivered predominantly across Europe, the Middle East and Africa.
We pride ourselves on selecting interesting projects which we believe can genuinely make a difference. You will be joining the company at a time of continued growth, and will be required to support a wide variety of these projects across the whole company.
What we offer here at Prevail:
Competitive salary, salary sacrifice pension, access to onsite gym facilities, enhanced leave policies, and private healthcare after two years at Prevail.