
Information Security Manager
HICX: Information Security Manager
HICX is a leading worldwide provider of enterprise SaaS solutions for digital supplier management. We help Global 5000 companies to organise and manage their supplier data using our Supplier Management platform, enabling efficient supplier on-boarding, lifecycle management, and data reuse across systems. Our clients, including Unilever, Lenovo, Mars, Mondelez, Baker Hughes, and EDF Energy, trust HICX for seamless supplier data governance—a crucial component of digital transformation and customer-centricity.
📋 Role Description
We are hiring for an Information Security Manager to spearhead our internal IT function, reporting to the CFO (or as assigned). This role is critical in safeguarding HICX’s infrastructure, data, and compliance—balancing security with business enablement.
Responsibilities
1. Security Strategy & Compliance
- Lead and implement the overall information security strategy, aligning with ISO 27001, SOC 2, and global regulations.
- Ensure ISMS (Information Security Management System) standards are adopted, monitored for compliance, and continuously improved.
- Guide security architecture and design decisions, incorporating best practices and risk mitigation.
- Oversee security tooling:
  - EDR (Endpoint Detection & Response)
  - SIEM (Security Information & Event Management)
  - MFA (Multi-Factor Authentication)
  - Password managers
  - Device/endpoint management
  - Access review processes
2. Incident & Escalation Management
- Serve as the primary escalation point (24/7) for major security incidents, adhering to the Out-of-Hours Major Security Incident process.
- Coordinate incident response, corrective actions, and post-mortems to prevent recurrence.
3. Governance, Risk & Audit
- Own all security documentation, including:
  - Policies, standards, exceptions
  - Risk registers
  - Control evidence
- Oversee internal risk assessment and audit programs, collaborating with auditors to remediate findings and track improvements to closure.
- Third-party risk management:
  - Conduct due diligence, vendor/supplier security assessments
  - Manage sub-processor oversight
- Streamline access control processes, validating permissions across divisions/teams and ensuring adherence to the principle of least privilege.
- Provide executive management reports on:
  - Risk posture
  - Incident metrics
  - Audit status
  - Service trends & improvement plans
- Embed security controls into processes across engineering, DevOps, HR, and customer-facing teams.
- Drive ongoing governance improvements through collaboration and policy refinement.
4. Data Privacy
- Address data privacy and protection concerns, including responses to customer inquiries under UK GDPR/GDPR.
- Act as the Data Protection Officer (DPO) as required to ensure compliance.
5. Policy, Awareness & Customer Assurance
- Enforce security policies, promoting adoption and compliance across the company.
- Deliver security awareness training and campaigns to strengthen corporate culture.
- Prepare security-related RFPs and customer questionnaires, maintaining a security knowledge base for audit and assurance purposes.
- Represent HICX in customer/prospect meetings, showcasing security practices and mitigating risks.
6. Internal IT & Operations
- Manage a small IT support admin team, providing anticipatory service to employees/contractors.
- Serve as the escalation point for complex IT issues, collaborating cross-functionally.
- Align IT support with security controls, access management, and usable policies.
- Oversee:
  - Onboarding/offboarding processes
  - Account lifecycle management
  - Device provisioning/deprovisioning
- Maintain standard operating procedures (SOPs) and operations platforms.
- Evaluate SaaS/IT tools for cost, security, and usability trade-offs.
🛡️ Requirements & Desired Skills
Core Qualifications
- Proven 5+ years’ experience in senior information security leadership (e.g., Head of Security, Information Security Manager).
- Hands-on expertise in:
  - ISO 27001, SOC 2, and Cyber Essentials+ certifications
  - Developing, operating, and maturing an ISMS
- Strong security tooling knowledge:
  - EDR, SIEM, MFA, identity/access management, vulnerability management
- Cloud security expertise (e.g., AWS, Azure, Microsoft 365 admin) and end-to-end incident response.
- Knowledge of UK GDPR/GDPR, with experience as a DPO or close collaborator.
- Experience in third-party risk management, vendor assessments, and sub-processor reviews.
Soft Skills & Leadership
- Exceptional communication, able to translate technical risk into actionable business insights for executives, non-technical teams, and customers.
- Team leadership—ability to develop, mentor, and motivate a small team.
- Risk-aware pragmatist: Balancing security, usability, cost, and business enablement.
- Proactive, highly organised, and capable of autonomous work in a fully remote, international environment.
- Conviction to embed security culture: Proven ability to influence behaviors and drive policy adoption across all departments.
Desirable Certifications & Experience
- Professional certifications (e.g., CISSP, CISM, CISA, ISO 27001 Lead Auditor).
- Managing internal IT operations, including SaaS administration, onboarding, device lifecycle, and helpdesk support.
🍀 Benefits (UK-Based)
- Remote work: Flexible policy—work from anywhere within the UK.
- Private health insurance: Ensure wellness and peace of mind.
- Generous PTO: 25 paid holiday days + UK Bank Holidays (plus happy birthday day off!).
- Competitive salary: Tailored based on your skills, location, and experience.
- Global team: Collaborate with a diverse, international workforce.
- Culture of appreciation: Celebrate milestones and work anniversaries.
"HICX does not discriminate 🌍—we value inclusivity in everything we do."
Apply today to safeguard enterprise innovation!