
HICX

Information Security Manager

London
Posted 7 days ago

HICX: Information Security Manager

HICX is a leading worldwide provider of enterprise SaaS solutions for digital supplier management. We help Global 5000 companies to organise and manage their supplier data using our Supplier Management platform, enabling efficient supplier on-boarding, lifecycle management, and data reuse across systems. Our clients, including Unilever, Lenovo, Mars, Mondelez, Baker Hughes, and EDF Energy, trust HICX for seamless supplier data governance—a crucial component of digital transformation and customer-centricity.


📋 Role Description

We are hiring for an Information Security Manager to spearhead our internal IT function, reporting to the CFO (or as assigned). This role is critical in safeguarding HICX’s infrastructure, data, and compliance—balancing security with business enablement.


Responsibilities

1. Security Strategy & Compliance

  • Lead and implement the overall information security strategy, aligning with ISO 27001, SOC 2, and global regulations.
  • Ensure ISMS (Information Security Management System) standards are adopted, monitored for compliance, and continuously improved.
  • Guide security architecture and design decisions, incorporating best practices and risk mitigation.
  • Oversee security tooling:
    • EDR (Endpoint Detection & Response)
    • SIEM (Security Information & Event Management)
    • MFA (Multi-Factor Authentication)
    • Password managers
    • Device/endpoint management
    • Access review processes

2. Incident & Escalation Management

  • Serve as the primary escalation point (24/7) for major security incidents, adhering to the Out-of-Hours Major Security Incident process.
  • Coordinate incident response, corrective actions, and post-mortems to prevent recurrence.

3. Governance, Risk & Audit

  • Own all security documentation, including:
    • Policies, standards, exceptions
    • Risk registers
    • Control evidence
  • Oversee internal risk assessment and audit programs, collaborating with auditors to remediate findings and track improvements to closure.
  • Third-party risk management:
    • Conduct due diligence, vendor/supplier security assessments
    • Manage sub-processor oversight
  • Streamline access control processes, validating permissions across divisions/teams and ensuring adherence to the principle of least privilege.
  • Provide executive management reports on:
    • Risk posture
    • Incident metrics
    • Audit status
    • Service trends & improvement plans
  • Embed security controls into processes across engineering, DevOps, HR, and customer-facing teams.
  • Drive ongoing governance improvements through collaboration and policy refinement.

4. Data Privacy

  • Address data privacy and protection concerns, including responses to customer inquiries under UK GDPR/GDPR.
  • Act as the Data Protection Officer (DPO) as required to ensure compliance.

5. Policy, Awareness & Customer Assurance

  • Enforce security policies, promoting adoption and compliance across the company.
  • Deliver security awareness training and campaigns to strengthen corporate culture.
  • Prepare security-related RFPs and customer questionnaires, maintaining a security knowledge base for audit and assurance purposes.
  • Represent HICX in customer/prospect meetings, showcasing security practices and mitigating risks.

6. Internal IT & Operations

  • Manage a small IT support admin team, providing anticipatory service to employees/contractors.
  • Serve as the escalation point for complex IT issues, collaborating cross-functionally.
  • Align IT support with security controls, access management, and usable policies.
  • Oversee:
    • Onboarding/offboarding processes
    • Account lifecycle management
    • Device provisioning/deprovisioning
  • Maintain standard operating procedures (SOPs) and operations platforms.
  • Evaluate SaaS/IT tools for cost, security, and usability trade-offs.

🛡️ Requirements & Desired Skills

Core Qualifications

  • Proven 5+ years’ experience in senior information security leadership (e.g., Head of Security, Information Security Manager).
  • Hands-on expertise in:
    • ISO 27001, SOC 2, and Cyber Essentials+ certifications
    • Developing, operating, and maturing an ISMS
  • Strong security tooling knowledge:
    • EDR, SIEM, MFA, identity/access management, vulnerability management
  • Cloud security expertise (e.g., AWS, Azure, Microsoft 365 admin) and end-to-end incident response.
  • Knowledge of UK GDPR/GDPR, with experience as a DPO or close collaborator.
  • Experience in third-party risk management, vendor assessments, and sub-processor reviews.

Soft Skills & Leadership

  • Exceptional communication, able to translate technical risk into actionable business insights for executives, non-technical teams, and customers.
  • Team leadership—ability to develop, mentor, and motivate a small team.
  • Risk-aware pragmatist: Balancing security, usability, cost, and business enablement.
  • Proactive, highly organised, and capable of autonomous work in a fully remote, international environment.
  • Conviction to embed security culture: Proven ability to influence behaviors and drive policy adoption across all departments.

Desirable Certifications & Experience

  • Professional certifications (e.g., CISSP, CISM, CISA, ISO 27001 Lead Auditor).
  • Managing internal IT operations, including SaaS administration, onboarding, device lifecycle, and helpdesk support.

🍀 Benefits (UK-Based)

  • Remote work: Flexible policy—work from anywhere within the UK.
  • Private health insurance: Ensure wellness and peace of mind.
  • Generous PTO: 25 paid holiday days + UK Bank Holidays (plus happy birthday day off!).
  • Competitive salary: Tailored based on your skills, location, and experience.
  • Global team: Collaborate with a diverse, international workforce.
  • Culture of appreciation: Celebrate milestones and work anniversaries.

"HICX does not discriminate 🌍—we value inclusivity in everything we do."

Apply today to safeguard enterprise innovation!

Skills

Information Security
ISMS
SOC 2
ISO 27001
EDR
SIEM
MFA
Data Protection
Cloud Security
Risk Management
Incident Response
Vendor Management
Communication
Leadership
Team Management
Security Awareness

Location

London, England, United Kingdom
