Information Security Manager (Fixed-Term Contract)

NQC is a successful and growing software company specialising in supply chain risk management platforms. We’re in the ‘Tech for Good’ space, providing online web platforms which are in use by some of the largest organisations across a number of industries.

Based in central Manchester, NQC offers a supportive working atmosphere within a diverse team of people. We work on a hybrid model and regularly meet up outside of the office for team socials and company events. This is an opportunity to work on globally recognised technology solutions used by major brands throughout the world, and become part of an exciting long term plan for sustainability, and a better future.

About your new role

As part of our continued growth, we are seeking an experienced Information Security Professional to lead our SaaS platform through a critical period of audit readiness, recertification and infrastructure migration. Please note that this role is a fixed-term contract, for a minimum of 3 months with the possibility to extend.

You will be responsible for evaluating our current Information Security Management System (ISMS) and processes, identifying vulnerabilities or documentation gaps, driving improvements through ISO27001 and TISAX audits and implementing the necessary controls to ensure successful certification outcome. You will lead the audit processes, liaising with third party auditing providers and internal stakeholders to ensure a successful audit outcome.

You will also lead the external penetration testing requirements for our platforms as we migrate onto the Google Cloud Platform (GCP) environment.

Key Responsibilities

As an Information Security Manager, you are expected to undertake the following responsibilities as part of your day to day activities:

• Act as the primary point of contact and project lead for ISO 27001 and TISAX recertification cycles.
• Conduct a comprehensive review of our existing systems, policies, and controls against necessary audit standards.
• Identify, analyse, and formulate treatment plans for information security risks.
• Identify vulnerabilities within the new cloud architecture and ensure the platform maintains security standards.
• Lead the external penetration testing requirements for our platforms.
• Draft, refine, and implement essential documentation, including the Statement of Applicability (SoA) and internal security policies.
• Work with our Development and Infrastructure teams to embed security controls into our SaaS workflow (e.g., access management, incident response, and change management).
• Perform a "pre-audit" to ensure all departments are compliant before the external body arrives.
• Brief senior staff on security best practices and their specific responsibilities under the ISMS.
• Any other ad-hoc duties as assigned.

As a dynamic organisation, NQC Ltd. may require for an employee’s duties to vary from time to time. The post holder acknowledges that they may be required to work flexibly and undertake other reasonable duties relevant to the role, within the scope of, and proportionate to, the nature of the post.

To be successful for this role, you will ideally meet these requirements:

• Proven experience leading organisations to successful audit certification or recertification.
• Proven experience implementing ISO 27001 within cloud-native (AWS/Azure/GCP) environments.
• Proven experience leading organisations through pentesting workflows within cloud-native environments,

• Exceptional documentation skills with the ability to simplify complex compliance requirements for non-technical stakeholders.
• Desirable: ISO 27001 Lead Implementer or Lead Auditor; CISSP or CISM.

Key Competencies

• Is consistently motivated, committed and able to perform duties in all situations.
• Communicates and receives ideas, views and information to achieve understanding.
• Champions NQC’s values and consistently acts in a principled, open and conscientious manner, challenging unacceptable behaviour.
• Plans and prioritises activities and resources to maximise performance and minimise errors. 
• Thinks creatively and embraces opportunities for change. 
• Works collaboratively with cross-functional teams and acts as a team player while supporting colleagues.

• Hybrid working policy of 60% office-based

• Salary sacrifice scheme
• 25 days holiday (Increasing with service) + bank holidays
• Enhanced Maternity and Paternity Leave
• Health Cash Plan
• Learning & Development through Udemy platform
• 24/7 Access to a Virtual GP
• Life Assurance (4 x Salary after 6 months)
• YuLife: Employee discounts and wellbeing platform
• Regular company socials & events