Information Security Assurance Manager

King's Service Centre

Newquay

Hybrid

GBP 50,000 - 70,000

Full time

Today

Job summary

A university service centre in Newquay is seeking an Information Security Assurance Manager to lead the Information Security Management System (ISMS) and ensure compliance with ISO standards. The role involves managing a team, conducting internal audits, and collaborating with stakeholders to enhance information security practices. The ideal candidate will possess professional certifications, strong risk management knowledge, and exceptional communication skills, aiming to foster a robust security culture within the university.

Benefits

Hybrid Working - Minimum of 5 days per month in the office
10% Performance related bonus
30 Days holiday and maximum of 8 public holidays (pro-rata)
Sick pay
4 Discretionary Christmas Closure Days
Contributory pension scheme
Life Assurance cover
3 Volunteer days per year
Free onsite parking & Bike racks
Annual leave purchase scheme
Student Discount access
Opportunities for training and certification
Free access to LinkedIn Learning
Potential for internal promotion

Qualifications

  • Strong understanding of ISO/IEC 27001:2022.
  • Practical experience of internal audits and control assessments.
  • Proven ability to manage and develop a professional team.

Responsibilities

  • Maintain and improve the university’s ISO 27001 certification.
  • Conduct internal audits and create reports for management.
  • Be the main contact for audits of the ISMS.

Skills

Understanding of information security standards
Experience in security assurance activities
Information security risk assessment methodologies
Team management
Stakeholder engagement
Written and verbal communication
Managing multiple workstreams

Education

Professional information security certifications (ISO/IEC 27001 Lead Implementer or Lead Auditor, CISSP, CISM)

Job description

Application Deadline: 6 February 2026

Department: Office of the CIO

Location: Newquay, Cornwall, UK

Overview of role

The Information Security Assurance Manager is responsible for maintaining and maturing the university’s Information Security Management System (ISMS) in alignment with ISO/IEC 27001:2022 and related standards, such as ISO 9001, ISO 27005 and ISO 31000. The role oversees the effective operation and continual improvement of the ISMS, including the expansion of its scope across additional faculties, services, and operational areas where appropriate, with an ultimate goal of implementing an integrated management system for the university.

The postholder will lead a team, providing expert guidance on information security governance, risk management, compliance, and assurance, while working closely with university stakeholders to embed robust security practices.

This role is based within the IT Assurance team at King’s Service Centre in Cornwall; however, there will be some need to travel to the London campuses.

Key Responsibilities
  • Maintain, continually improve, and expand the university’s ISO 27001 certification.
  • Chair management review meetings and maintain the continual improvement log, ensuring all actions are logged, prioritised, and appropriately progressed.
  • Conduct fieldwork for internal audits, working from the annual plan, to keep the timescales for completion on track.
  • Create and present reports to the relevant management teams following audits, including recommendations for improvements where necessary.
  • Contribute to the improvement of information security culture across the university by building relationships and supporting best practice through recommendations.
  • Be the main point of contact for surveillance and certification audits of the ISMS.
  • Work towards an integrated management system, incorporating other ISO standards and best practice as appropriate.

The above list of responsibilities is not exhaustive, and the post holder will be required to undertake such tasks and responsibilities as may be reasonably expected within the scope and grading of this post.

The role holder will have in-depth knowledge of information security management systems (ISMS), including their design, implementation, operation, and continual improvement, ideally within a complex higher education environment. They will demonstrate a strong understanding of relevant international standards, particularly ISO/IEC 27001:2022, ISO/IEC 27002:2022, and ISO/IEC 27005:2022, and how these can be applied pragmatically to support institutional governance, assurance, and risk management while enabling teaching, research, and professional services activity.

Professional information security certifications, such as ISO/IEC 27001 Lead Implementer or Lead Auditor, CISSP, CISM, or an equivalent qualification will be held, and they will have demonstrable experience of expanding the scope of an ISMS or implementing security frameworks across diverse operational, academic, or research environments. Familiarity with data protection requirements, research security considerations, and third-party assurance activities is desirable, including the ability to assess and manage supplier and partner risk.

In addition to strong technical and professional expertise, the postholder will be highly organised, thorough, and attentive to detail, with the ability to work independently and exercise sound professional judgement. They must be an effective communicator, capable of engaging confidently with staff at all levels, including influencing and negotiating outcomes with senior management. A well-developed understanding of risk management is essential, including a practical appreciation of risk appetite and the ability to apply it proportionately to support informed decision-making.

Key Skills & Experience Required
Essential Criteria
  • Strong understanding of information security standards and frameworks, particularly ISO/IEC 27001:2022.
  • Practical experience of security assurance activities, including internal audits, control assessments, and risk management.
  • Strong understanding of information security risk assessment methodologies and treatment planning.
  • Experience leading, managing, and developing a small professional team, with the ability to set clear objectives, manage performance, and support professional development.
  • Proven ability to work effectively with a wide range of stakeholders, including senior leaders, technical teams, and non-technical staff.
  • Strong written and verbal communication skills, with the ability to explain security concepts clearly and pragmatically.
  • Ability to manage multiple workstreams, priorities, and deadlines effectively.
Desirable Criteria
  • Experience or detailed understanding of the UK Higher Education system.
  • Understanding of service management practices, in particular ITIL4.
  • Experience or knowledge of disaster recovery and business continuity planning and scenario testing.
  • Experience or knowledge of ISO 9001 Quality Management Systems Standard.
  • Experience or knowledge of ISO 31000 Risk Management Standard.
  • Experience of budget management.
Employee Benefits
  • Hybrid Working - Minimum of 5 days per month in the office
  • 10% Performance related bonus
  • 30 Days holiday and maximum of 8 public holidays (pro-rata)
  • Sick pay
  • 4 Discretionary Christmas Closure Days
  • Contributory pension scheme
  • Life Assurance cover
  • Service time - 3 Volunteer days per year
  • Free onsite parking & Bike racks
  • Annual leave purchase scheme - up to a maximum of 10 days (subject to national minimum wage requirements)
  • Student Discount (access to Totum, Unidays & Student Beans)
  • CycleScheme
  • TechScheme
  • Opportunities for formal training and professional certification
  • Free access to LinkedIn Learning
  • Free access to FutureLearn short courses
  • Potential for internal promotion and advancement
Equality, diversity & inclusion

We are an inclusive and welcoming employer that encourages a wide range of applicants. We embrace diversity and want everyone to be able to bring their whole selves to work and succeed.

This is in line with King's College London (KCL).
