Information Security & Compliance Manager

£49 - £57.4 per hour (estimated)
Full-time

Blue Matter is a rapidly growing strategic consulting firm serving clients in the life sciences industry. We partner with our clients to help them achieve commercial success across the lifecycle of their products, portfolios and organisations. Our project types include new product planning, launch strategy & planning, brand & life cycle planning and corporate & portfolio strategy, across a variety of specialty therapeutic areas. 

We have a unique entrepreneurial culture and invest in building Blue Matter to be one of the best places to work. We have a strong global presence with offices in the US (San Francisco, New York, Boston), Europe (London, Zurich, Netherlands), and India (Mumbai, Gurgaon, Pune).


Why this role exists

Our clients are among the most security- and privacy-conscious organizations in the world, and they trust us with highly sensitive commercial and scientific information. At the same time, our internal AI platform, BlueCortex, is becoming central to how we serve them, which raises both the stakes and the opportunity around how we govern data and technology.

As we grow, we need a dedicated owner for information security and compliance. This role sits in our Technology & Operations team and is based in the UK — giving us strong coverage of GDPR and UK GDPR obligations, alignment with European clients and subsidiaries, and time-zone support for our global team.

This is a hands-on, high-ownership role — not a tick-box function. You’ll build and run the firm’s security and compliance program end-to-end, and you’ll be the trusted point of contact when clients ask how we protect their data. It’s ideal for someone who wants to shape a program in a fast-moving, AI-forward consultancy rather than maintain one that already exists.


What you’ll do

Security governance and strategy
  • Own and run Blue Matter’s information security program end-to-end, including for BlueCortex.
  • Define, maintain, and operationalize security policies, standards, and procedures, and keep them current as the firm scales.
  • Maintain the risk register, run regular risk assessments, and drive remediation to closure.
  • Report on security and compliance posture to leadership in clear, business-oriented terms.
Compliance and certifications
  • Drive certification and attestation efforts (e.g., ISO 27001 and/or SOC 2): design and maintain the control framework, own the documentation and evidence, and lead internal and external audits.
  • Build a sustainable, “always-audit-ready” approach rather than a once-a-year scramble.
  • Track relevant regulatory and framework developments and translate them into practical action.
Data protection and privacy
  • Lead data protection under GDPR and UK GDPR; act as, or closely support, our Data Protection function.
  • Maintain records of processing (RoPA), conduct Data Protection Impact Assessments (DPIAs), and own data-handling, retention, and minimization policies.
  • Manage data subject requests and any personal-data incidents, including regulator and individual notifications where required.
  • Oversee data transfer mechanisms and data residency considerations across our global footprint and subsidiaries.
Client security assurance
  • Own the response to client security due-diligence: complete security questionnaires and assessments from biopharma and medtech clients accurately and on time.
  • Support commercial and contractual discussions on security, privacy, and data processing terms (e.g., DPAs).
  • Maintain a library of reusable security documentation, certifications, and answers to accelerate client reviews.
Microsoft 365 security operations
  • Secure and govern our Microsoft 365 environment — Entra ID, Microsoft Defender, Microsoft Purview, and Intune.
  • Own identity and access management: conditional access, MFA, privileged access, joiner/mover/leaver processes, and least-privilege enforcement.
  • Implement and tune data loss prevention (DLP), information protection/labelling, and device compliance.
  • Partner with IT on secure configuration, patching, and endpoint hardening.
Third-party and vendor risk
  • Run third-party and vendor risk management across our supply chain, including security review of new tools and AI/SaaS vendors.
  • Maintain an inventory of vendors and their data access, and reassess risk on a regular cadence.
Incident response and investigations
  • Own the incident response plan; lead detection, triage, investigation, containment, and post-incident review.
  • Investigate security events (for example, analysing Entra ID sign-in and audit logs), and produce clear, actionable incident reports.
  • Run tabletop exercises so the firm is prepared before an incident happens.
Security awareness and culture
  • Build and deliver security awareness training and phishing simulations.
  • Make security approachable and practical so the whole firm becomes a partner in protecting client data.
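The identity and incident-response bullets above (Conditional Access and MFA enforcement; analysing Entra ID sign-in logs) are the kind of work that is easiest to judge with concrete detection logic in hand. The following is an added example, not code from Blue Matter or from the BlueCortex platform. It runs three simple triage checks over sign-in records shaped like the Microsoft Graph signIn resource (userPrincipalName, createdDateTime, ipAddress, location.countryOrRegion, status.errorCode, conditionalAccessStatus); the field names and the AADSTS error code 50126 (invalid username or password) are real, while every record, user, IP address and timestamp below is constructed sample data and the thresholds are assumptions to tune against your own tenant.

```python
from collections import defaultdict
from datetime import datetime


def parse_time(value):
    # Graph emits ISO 8601 UTC timestamps with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def rec(upn, when, ip, country, error=0, ca="success"):
    # Minimal Graph signIn-shaped record; only the fields the checks below read.
    return {
        "userPrincipalName": upn,
        "createdDateTime": when,
        "ipAddress": ip,
        "location": {"countryOrRegion": country},
        "status": {"errorCode": error},
        "conditionalAccessStatus": ca,
    }


# Constructed sample data: a real export would come from the Graph auditLogs/signIns endpoint.
SAMPLE_SIGNINS = [
    rec("a.smith@example.com", "2024-05-01T08:00:00Z", "203.0.113.10", "GB"),
    rec("a.smith@example.com", "2024-05-01T08:40:00Z", "198.51.100.7", "US"),   # 40 min, new country
    rec("b.jones@example.com", "2024-05-01T09:00:00Z", "203.0.113.11", "GB"),
    rec("b.jones@example.com", "2024-05-01T17:00:00Z", "203.0.113.12", "CH"),   # 8 h apart: plausible travel
    rec("svc-legacy@example.com", "2024-05-01T09:30:00Z", "203.0.113.20", "GB", ca="notApplied"),
] + [
    # One source IP failing with "invalid username or password" against six distinct accounts.
    rec(f"user{i}@example.com", f"2024-05-01T03:0{i}:00Z", "192.0.2.55", "NL", error=50126)
    for i in range(6)
]


def impossible_travel(records, window_minutes=60):
    """Successful sign-ins by the same user from two countries within the window.

    Returns (upn, country_before, country_after, minutes_between) tuples.
    """
    by_user = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] == 0:          # only successful sign-ins matter here
            by_user[r["userPrincipalName"]].append(r)
    alerts = []
    for upn, events in by_user.items():
        events.sort(key=lambda r: parse_time(r["createdDateTime"]))
        for prev, cur in zip(events, events[1:]):
            c1 = prev["location"]["countryOrRegion"]
            c2 = cur["location"]["countryOrRegion"]
            gap = (parse_time(cur["createdDateTime"]) - parse_time(prev["createdDateTime"]))
            minutes = gap.total_seconds() / 60
            if c1 != c2 and minutes <= window_minutes:
                alerts.append((upn, c1, c2, minutes))
    return alerts


def password_spray(records, min_users=5, error_code=50126):
    """Source IPs that fail with the given AADSTS code against at least min_users distinct accounts."""
    users_by_ip = defaultdict(set)
    for r in records:
        if r["status"]["errorCode"] == error_code:
            users_by_ip[r["ipAddress"]].add(r["userPrincipalName"])
    return {ip: len(users) for ip, users in users_by_ip.items() if len(users) >= min_users}


def conditional_access_gaps(records):
    """Accounts that signed in successfully with no Conditional Access policy applied.

    A "notApplied" status on a success is a coverage gap: that sign-in was never subject
    to the MFA or device-compliance grant controls the policies are meant to enforce.
    """
    return sorted({
        r["userPrincipalName"] for r in records
        if r["status"]["errorCode"] == 0 and r["conditionalAccessStatus"] == "notApplied"
    })


if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_SIGNINS):
        print("impossible travel:", alert)
    for ip, n in password_spray(SAMPLE_SIGNINS).items():
        print(f"possible password spray from {ip}: {n} distinct accounts")
    for upn in conditional_access_gaps(SAMPLE_SIGNINS):
        print("no Conditional Access policy applied:", upn)
```

The window and user-count thresholds are deliberately simple; in practice you would exclude known corporate egress ranges and VPN exits from the travel check, and feed the spray check from a rolling window rather than a whole export, but the three questions these functions answer (who moved too fast, which IP is guessing across accounts, and who is still outside Conditional Access) are the ones a first sign-in log review should settle.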


What success looks like

  • First 90 days: You’ve assessed our current posture, identified the highest-priority risks and gaps, and built a clear, prioritized roadmap. You’re already the point person for client security questionnaires.
  • First 6 months: Core policies are in place and adopted, the M365 security stack is meaningfully hardened, vendor risk and incident response processes are operating, and certification/attestation work is underway with a credible plan.
  • First year: The firm has a mature, sustainable security and compliance program; a defensible data-protection posture under GDPR/UK GDPR; and a smoother, faster client security-review process.


What you’ll bring

Required
  • 5+ years of experience in information security and/or GRC, ideally in an environment that handles sensitive client data (regulated industries, professional services, SaaS, or similar).
  • Strong, practical knowledge of GDPR and UK GDPR and day-to-day data protection.
  • Hands-on experience with ISO 27001 and/or SOC 2 implementation and audits.
  • Working familiarity with the Microsoft security stack (Entra ID, Defender, Purview, Intune).
  • Experience responding to client/customer security assessments and questionnaires.
  • One or more relevant certifications — for example CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CIPP/E, or CIPM — or equivalent demonstrable experience.
  • Based in the UK with the right to work, and comfortable supporting a globally distributed team across time zones.
  • Excellent written and verbal communication: you can translate security and risk into plain business language for leadership, clients, and colleagues.
Strongly preferred
  • Experience standing up or maturing a security/compliance program (not only operating an established one).
  • Familiarity with EU and UK regulatory developments such as NIS2 and DORA.
  • Experience managing third-party/vendor risk for SaaS and AI tooling.
Nice to have
  • Exposure to life sciences or pharma, and awareness of GxP, GDP, or healthcare data considerations (e.g., HIPAA for US-facing work).
  • Experience establishing data-protection or data-risk practices.
  • Experience supporting M&A or subsidiary integration from a security and compliance perspective.


Who thrives here

  • Builders who want to own a program and shape it, not just keep the lights on.
  • Pragmatic risk managers who right-size controls to the business instead of defaulting to maximum friction.
  • Clear communicators who can earn trust with clients, leadership, and engineers alike.
  • People genuinely interested in the security and governance challenges of a modern, AI-forward firm.


How we work

A small, capable Technology & Operations team with real ownership and direct access to leadership. You’ll have the autonomy to build the program the right way — and the visibility that comes with being the firm’s security and compliance lead. This is a remote/hybrid role based in the UK with occasional travel for team collaboration.

Vacancy posted 6 days ago