Information Security Manager

Westhill, Scotland, United Kingdom

4/16/2025

The Information Security Manager (ISM) will lead the Cyber Security Centre of Excellence at Subsea7, acting as a bridge between the IT Cyber Security and Compliance Director's strategic activities and the technical work of analysts, engineers, and architects.

The ISM will translate IT risk requirements into technical control specifications, develop performance metrics, and coordinate technical activities to manage security infrastructure. This role requires a strong technical background and the ability to align IT and business priorities with security measures. The ISM will also balance real-world risks with business drivers like speed, agility, and performance.

Key responsibilities include leading project teams, managing vendor relationships, and ensuring service levels are met. The ISM will manage technical staff, documentation, and presentation skills, and coordinate security-related activities across IT operations.

What will you be doing?

• Develop a security program and projects with the IT Cyber Security and Compliance Director.
• Assess and report on current and future threats.
• Create budget projections for short- and long-term goals.
• Monitor and enforce compliance with security policies.
• Propose changes to policies for efficiency and compliance.
• Manage and develop a team of security professionals.
• Assist with security audit responses.
• Provide security communication, awareness, and training.
• Manage production issues and participate in change management.
• Participate in the information security governance process.
• Define metrics and reporting strategies with stakeholders.
• Support legal and regulatory compliance efforts.
• Ensure security in hardware, applications, and software.
• Implement technical controls to enforce security policies.
• Align business, technical, and security requirements.
• Develop a strong relationship with the IT Security team.
• Report on technical aspects of security management.
• Manage outsourced vendors for security functions.
• Coordinate incident management and reporting.
• Maintain a knowledgebase of security trends and regulations.
• Manage threat and vulnerability activities.
• Provide guidance on security matters for IT projects.
• Assist in disaster recovery planning and testing.
• Review audit trails and system logs for compliance.
  
  

Key Relationships/Stakeholders

External: Industry peers, audit partners, IT service partners, business partners, professional bodies.

Internal: Heads of business functions, senior management, IT colleagues.

What experience would we like you to have?

• Extensive IT experience, with significant information security experience.
• Experience within a supervisory position.
• Preferred security certifications (e.g., CISSP, CISM).
• Experience with cyber security control frameworks (e.g., NIST, ISO) and delivering Information Security in modern digital workplaces.
• Strong technical background and proficiency in risk assessments.
• Knowledge of cyber risk in the Maritime industry and OT/SCADA infrastructure is preferred.
• Excellent leadership, negotiation, and communication skills.
  
  

Candidates must have the Right to Work in the UK.