Rodeo
ResourcesPartnersSign in

British Land

Information Security Manager

London
Posted about 6 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Information Security Manager

Department: Technology

Location: Central London (Regent's Place, NW1) Hybrid – 4 days in office

Reporting to: Head of Information Security

Type of Contract: Permanent

Places People Prefer

Our purpose is to create and manage outstanding places which deliver positive outcomes for all our stakeholders on a long term, sustainable basis.

We are a FTSE listed business with a strong balance sheet and £15.2bn of assets under management. But with just 600 employees you’re given the ability to make a big impact and elevate your career quickly.

Our diverse, passionate team of experts works on some of the most ambitious, innovative and sustainable projects in the country – from our high-quality campuses across central London, to some of the top retail schemes in the UK – providing a rewarding career journey where you can shape how you grow.

We believe in shared success and enabling people to be themselves. If you want to feel listened to and understood in an environment where your opinions count and bright ideas are encouraged, you’ve come to the right place!

In our latest engagement survey, 81% of colleagues said they are proud to work at British Land!

The Role

Reporting to the head of information security, this role plays a central part in protecting British Land's information assets across both business technology and property technology. The primary focus is on the development, implementation, and management of British Land's information security governance, risk, and compliance programme — ensuring alignment with regulatory requirements, industry standards (e.g. Iso 27001, nist), and good practice.

As a member of a small, high-impact team, the role requires an all-rounder who can move comfortably between governance activities and broader cyber security topics. The successful candidate will have sufficient technical understanding to engage credibly with the wider infosec team, challenge supplier technical proposals, and contribute to operational security activities where required. An appreciation of emerging technologies, particularly AI, and a genuine interest in how these can be leveraged to strengthen information security, is essential.

What You’ll Do

Assisting with the support of technologies in the following categories:

Governance:

  • Develop and maintain information security policies, standards, and procedures.
  • Ensure alignment of security policies with business objectives and regulatory requirements.
  • Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures
  • Complete security assessments for third party suppliers, assets (buildings/retail) and projects to ensure adherence to cyber security policies and standards
  • Deliver and maintain the supplier risk assessment process

Risk Management:

  • Identify and assess information security risks across the organisation and maintain the risk register
  • Develop and implement risk mitigation strategies and action plans.
  • Conduct regular risk assessments and audits to ensure compliance with security policies and standards.
  • Monitor and report on the status of risk management activities

Compliance:

  • Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001).
  • Coordinate and support internal and external audits and assessments.
  • Develop and deliver security awareness and training programs to employees.
  • Maintain documentation and evidence of compliance activities.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Advocacy:

  • Articulating the need for information security and compliance.
  • Building strong stakeholders’ relationships across the business to enable effective communication and delivery of infosec objectives
  • Responsible for delivery of infosec controls which are effectively designed and implemented
  • Identify security gaps and work with stakeholders to clearly define remediation actions

Collaboration:

  • Provide guidance and support to business units on security-related matters.
  • Security awareness training. Managing courses, rollout, liaison with training team. Arranging phishing tests and metrics, providing remediation training in person to required employees
  • Management of information security steerco meeting. Taking minutes, organising meetings and actions. Supporting the committee in the role of secretary.
  • Supporting technology projects with security analysis on any proposed solutions & ensuring any risks are highlighted and addressed as part of the project
  • Liaise with stakeholders in relation to cyber security issues and provide future recommendations
  • Research and generate reports for both technical and non-technical staff and stakeholders
  • Give advice and guidance to staff on information security related issues
  • Defining and monitoring security policies and best practice standards

Technical Engagement & Supplier Oversight:

  • Develop and maintain a working understanding of British Land's security technology stack (e.g. SIEM, email security, DLP, endpoint, identity, vulnerability management) sufficient to engage credibly with the wider infosec team and IT
  • Critically review and challenge supplier technical proposals, architectures and security testing reports (e.g. SOC 2, penetration test reports) ensuring proportionate controls are in place
  • Provide informed input into security testing scope (e.g. Penetration testing, configuration reviews) and review remediation activity with suppliers
  • Support incident response and operational infosec activities as required, providing cover and acting as an all-round contributor in a small team

Technical Engagement & Supplier Oversight:

  • Maintain awareness of AI developments relevant to information security, including both the risks (e.g. Shadow AI, agentic systems, data exposure) and the opportunities (e.g. AI-assisted analysis, automation, threat detection).
  • Support the application of British Land's AI governance framework, including risk review of AI use cases
  • Identify and pilot opportunities to leverage AI capability within the infosec function to improve productivity, coverage, and effectiveness

About You

  • Strong written and oral communication skills
  • Passionate about information security and proactive in recommending ways to further improve our security posture
  • Enthusiastic, supportive team player
  • Strong Microsoft Office skills
  • Self-motivated problem solver
  • Strong time management and organisational skills
  • Pragmatic – making the best of the tools that we have and getting the best out of them. Recognise the balance between security and productivity
  • Understanding of information security risk management concepts
  • Experience of working collaboratively within an IT department
  • Technically curious – comfortable engaging with the wider infosec team on operational and technical topics, willing to learn and able to ask the right questions of suppliers and technical specialists
  • Genuine interest in AI and its application to information security
  • Comfortable with breadth over depth – happy operating across multiple disciplines in a small team rather than specialising narrowly

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Required Skills

  • Demonstrable experience in an information security role with significant exposure to GRC, alongside working knowledge of broader cyber security disciplines (e.g. Supplier assurance, security testing, incident response, security operations)
  • Experience of ISO 27001 ISMS implementation and management, and certification process (working with external and internal auditors)
  • Strong Microsoft 365 skills, including familiarity with enterprise security tooling
  • Risk management
  • Third party risk management software (such as SureCloud or OneTrust or similar)
  • Working understanding of common cyber security domains (e.g. Network security, endpoint protection, identity and access management, vulnerability management, security testing)

Preferred Skills

  • ISO 27001 or NIST framework experience
  • ISO 27005 risk management
  • SureCloud/GRC/alternatives
  • Exposure to AI governance frameworks (e.g. NIST AI RMF) or developing AI use-case risk assessments
  • Exposure to property technology would be a distinct advantage
  • Experience reviewing penetration test reports, SOC 2 reports, or supplier security architectures
  • Experience with security tooling such as SIEM, email security platforms or vulnerability scanning
  • Hands-on experience supporting incident response or security operations activities

Desirable Accreditations:

  • ISO 27001 lead auditor/implementer certification
  • ISO 27005 risk management
  • CISSP, CISM or equivalent
  • CompTIA Security+ or equivalent foundational technical certification
  • Experience of taking detailed minutes during senior or executive level meetings.

Our Shared Values

Our values are what we stand for at British Land, they’re not just a label on the door; they connect us every day to our vision, purpose, and strategy. They help us to promote an inclusive, positive, and collaborative culture. You can read more on our corporate website.

Bring Your Whole Self

Listen & Understand

Smarter Together

Build for the Future

Deliver at Pace

A Rewarding Place to Be

Our People – Just ask anyone why they love working here and they will tell you it’s the people. They’re highly talented, passionate, and collaborative! We thank our people with rewards that feel rewarding; you can review our market leading benefits here.

Our Recruitment Process

If you enjoy bringing your whole self to work, share our values and are excited about our purpose we’d love to hear from you! We are committed to providing an accessible and inclusive process learn more about our selection process here.

Please note that we endeavour to get back to all applicants within 28 days. If you haven’t heard from us within this period, please assume that you have been unsuccessful on this occasion.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Information Security
Risk Management
Compliance
Cyber Security
Governance
Supplier Assurance
Security Testing
Incident Response
Security Operations
Microsoft 365
ISO 27001
NIST
AI Governance
Third Party Risk Management
Communication
Problem Solving

Location

London, England, United Kingdom

Sign up to applySee more jobs like this