Blue Matter is a rapidly growing strategic consulting firm serving clients in the life sciences industry. We partner with our clients to help them achieve commercial success across the lifecycle of their products, portfolios and organisations. Our project types include new product planning, launch strategy & planning, brand & life cycle planning and corporate & portfolio strategy, across a variety of specialty therapeutic areas.
We have a unique entrepreneurial culture and invest in building Blue Matter to be one of the best places to work. We have a strong global presence with offices in the US (San Francisco, New York, Boston), Europe (London, Zurich, Netherlands), and India (Mumbai, Gurgaon, Pune).

Why this role exists
Our clients are among the most security- and privacy-conscious organizations in the world, and they trust us with highly sensitive commercial and scientific information. At the same time, our internal AI platform, BlueCortex, is becoming central to how we serve them — which raises both the stakes and the opportunity around how we govern data and technology.

As we grow, we need a dedicated owner for information security and compliance. This role sits in our Technology & Operations team and is based in the UK — giving us strong coverage of GDPR and UK GDPR obligations, alignment with European clients and subsidiaries, and time-zone support for our global team.

This is a hands-on, high-ownership role — not a tick-box function. You’ll build and run the firm’s security and compliance program end-to-end, and you’ll be the trusted point of contact when clients ask how we protect their data. It’s ideal for someone who wants to shape a program in a fast-moving, AI-forward consultancy rather than maintain one that already exists.

What you’ll do
Security governance and strategy
- Own and run Blue Matter’s information security program end-to-end, including for BlueCortex.
- Define, maintain, and operationalize security policies, standards, and procedures, and keep them current as the firm scales.
- Maintain the risk register, run regular risk assessments, and drive remediation to closure.
- Report on security and compliance posture to leadership in clear, business-oriented terms.
- Drive certification and attestation efforts (e.g., ISO 27001 and/or SOC 2): design and maintain the control framework, own the documentation and evidence, and lead internal and external audits.
- Build a sustainable, “always-audit-ready” approach rather than a once-a-year scramble.
- Track relevant regulatory and framework developments and translate them into practical action.
- Lead data protection under GDPR and UK GDPR; act as, or closely support, our Data Protection function.
- Maintain records of processing (RoPA), conduct Data Protection Impact Assessments (DPIAs), and own data-handling, retention, and minimization policies.
- Manage data subject requests and any personal-data incidents, including regulator and individual notifications where required.
- Oversee data transfer mechanisms and data residency considerations across our global footprint and subsidiaries.
- Own the response to client security due-diligence: complete security questionnaires and assessments from biopharma and medtech clients accurately and on time.
- Support commercial and contractual discussions on security, privacy, and data processing terms (e.g., DPAs).
- Maintain a library of reusable security documentation, certifications, and answers to accelerate client reviews.
- Secure and govern our Microsoft 365 environment — Entra ID, Microsoft Defender, Microsoft Purview, and Intune.
- Own identity and access management: conditional access, MFA, privileged access, joiner/mover/leaver processes, and least-privilege enforcement.
- Implement and tune data loss prevention (DLP), information protection/labelling, and device compliance.
- Partner with IT on secure configuration, patching, and endpoint hardening.
- Run third-party and vendor risk management across our supply chain, including security review of new tools and AI/SaaS vendors.
- Maintain an inventory of vendors and their data access, and reassess risk on a regular cadence.
- Own the incident response plan; lead detection, triage, investigation, containment, and post-incident review.
- Investigate security events (for example, analysing Entra ID sign-in and audit logs), and produce clear, actionable incident reports.
- Run tabletop exercises so the firm is prepared before an incident happens.
- Build and deliver security awareness training and phishing simulations.
- Make security approachable and practical so the whole firm becomes a partner in protecting client data.
What success looks like
- First 90 days: You’ve assessed our current posture, identified the highest-priority risks and gaps, and built a clear, prioritized roadmap. You’re already the point person for client security questionnaires.
- First 6 months: Core policies are in place and adopted, the M365 security stack is meaningfully hardened, vendor risk and incident response processes are operating, and certification/attestation work is underway with a credible plan.
- First year: The firm has a mature, sustainable security and compliance program; a defensible data-protection posture under GDPR/UK GDPR; and a smoother, faster client security-review process.
What you’ll bring
- 5+ years of experience in information security and/or GRC, ideally in an environment that handles sensitive client data (regulated industries, professional services, SaaS, or similar).
- Strong, practical knowledge of GDPR and UK GDPR and day-to-day data protection.
- Hands-on experience with ISO 27001 and/or SOC 2 implementation and audits.
- Working familiarity with the Microsoft security stack (Entra ID, Defender, Purview, Intune).
- Experience responding to client/customer security assessments and questionnaires.
- One or more relevant certifications — for example CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CIPP/E, or CIPM — or equivalent demonstrable experience.
- Based in the UK with the right to work, and comfortable supporting a globally distributed team across time zones.
- Excellent written and verbal communication: you can translate security and risk into plain business language for leadership, clients, and colleagues.
- Experience standing up or maturing a security/compliance program (not only operating an established one).
- Familiarity with EU and UK regulatory developments such as NIS2 and DORA.
- Experience managing third-party/vendor risk for SaaS and AI tooling.
- Exposure to life sciences or pharma, and awareness of GxP, GDP, or healthcare data considerations (e.g., HIPAA for US-facing work).
- Experience establishing data-protection or data-risk practices.
- Experience supporting M&A or subsidiary integration from a security and compliance perspective.
Who thrives here
- Builders who want to own a program and shape it, not just keep the lights on.
- Pragmatic risk managers who right-size controls to the business instead of defaulting to maximum friction.
- Clear communicators who can earn trust with clients, leadership, and engineers alike.
- People genuinely interested in the security and governance challenges of a modern, AI-forward firm.
How we work