Information Security Manager

About the role

HICX is a leading worldwide provider of enterprise SaaS solutions for digital supplier management. Learn more about HICX . HICX helps Global 5000 companies to organize and manage their supplier data. The HICX Supplier Management platform enables businesses with thousands of suppliers to efficiently on-board and manage the end-to-end lifecycle of all suppliers, and to find, re-use and maintain supplier data and information across any spreadsheet, app or system. High quality supplier data is essential to digital transformation and the key to becoming customer of choice for all suppliers. Some of the world's largest companies, in a wide range of industries, trust HICX for the management of their supplier data; these include Unilever, Lenovo, Mars, Mondelez, Baker Hughes and EDF Energy. Role Description We are hiring for a Information Security Manager to manage our internal IT function reporting to the CFO, or such other person as the Company may appoint from time to time. Security Strategy & Compliance Set up and drive the overall information security strategy. Own the ISMS standards and their adoption, ensuring compliance with company and external requirements including SOC 2 and ISO 27001. Organise and manage ISMS-related scheduled activities and drive continuous improvement of the ISMS. Contribute to security architecture and design decisions. Oversee security tooling such as EDR, SIEM, MFA, password managers, device management, and access review processes. Incident & Escalation Management Act as the primary escalation point, during and outside business hours, for all major security-related incidents and events (as set out in the Out-of-Hours Major Security Incident process). Coordinate and manage corrective actions and responses to security incidents. Governance, Risk & Audit Own security documentation, including policies, standards, exceptions, risk registers, and control evidence. Oversee the internal risk-assessment and audit programme, supporting internal and external audits, remediating findings, and tracking control improvements to closure. Support vendor and supplier risk management, including due diligence, sub-processor oversight, and security assessments. Own the access control process, validate and audit access across divisions and functions. Provide management reporting on risk posture, incidents, audit status, metrics, service trends, and improvement plans. Work with engineering, DevOps, HR, and customer facing teams to embed controls into everyday processes. Drive ongoing security governance improvements. Data Privacy Address data privacy and data protection concerns, and manage responses to customer data privacy requests. Act as Data Protection Officer (DPO) for the organisation if and as required. Policy, Awareness & Customer Assurance Help enforce security policies, building adoption, embedding them in the company culture, and introducing regular checks on departmental compliance. Own and deliver security awareness training and campaigns to strengthen the security culture. Complete security-related sections of RFPs and customer questionnaires, build and maintain a security knowledge base, and provide assurance of the integrity, confidentiality, and availability of information owned, controlled, and processed by the organisation. Attend meetings with customers and prospects to provide insights into how HICX implements security across the organization Internal IT & Operations Manage a small team of IT support admins providing internal IT support to HICX employees and contractors. Act as the escalation point for complex IT issues, incidents, and problems requiring cross-team coordination. Ensure IT support activities align with security controls, access management, and acceptable use requirements. Oversee onboarding, offboarding, account lifecycle management, and device provisioning/deprovisioning. Own and maintain standard operating procedures and the operations platform. Help balance usability, cost, and security when selecting or renewing SaaS and IT tools. Carry out other reasonable duties as required by the Company. Desired Skills and Experience: Excellent track record of leading security audits; ISO 27001, SOC 2, Cyber Essentials Plus Proven experience in a senior information security leadership role (Head of Security, Information Security Manager, or similar), ideally within a SaaS or technology business. Demonstrable experience building, operating, and maturing an ISMS, including achieving and maintaining SOC 2 and ISO 27001 certification. Strong, hands-on knowledge of security tooling and controls; EDR, SIEM, MFA, identity and access management, device/endpoint management, and vulnerability management. Solid understanding of cloud security (AWS, Azure, and Microsoft 365 admin suite) Experience leading end-to-end security incident response, including out-of-hours management of major incidents. Knowledge of UK GDPR/GDPR and global data protection laws, with experience acting as, or wor

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at HICX? Share your experience