Information Security Manager

Farnham, Surrey (Hybrid)
£55,000
Full-time
Permanent
Job description


£55,000 per annum

37 hours per week

Farnham, Surrey, with opportunity for hybrid working.  Cross-site working required.
 

About us

Phyllis Tuckwell are based in Farnham, Camberley and Guildford, and provide bespoke, compassionate palliative and end of life care for people living with an advanced or terminal illness, across West Surrey and North-East Hampshire.

 

Phyllis Tuckwell is a very special place to work.  Our staff make a real difference to the lives of our patients and their loved ones, providing outstanding care at a time that really matters.  Our support teams are pivotal in helping deliver our vital services, ensuring ‘every day is precious’ for our patients. 

 

We are shortly opening our new hospice building, creating a modern environment designed around patients, families, and staff. Alongside this, we are investing in our digital capability to better support care, improve efficiency, and strengthen how we work as an organisation.

 

We are seeking an Information Security Manager to shape how our information security is built into a new environment from the outset, rather than retrofitted later.  Whilst good progress has already been made in our cyber security and information governance provision across the organisation, this exciting new role will take the next step in managing and developing a more structured, consistent, and visible approach, seeking to embed good practice and build confidence.

 

This is not a purely technical or policy-focused role.  It will be responsible for ensuring our systems and information are safe, resilient, and used responsibly, helping our teams make secure choices in their day-to-day work, and educating staff to understand what this means in practice.  The role will play an integral part in ensuring everything we do, and deliver, is secure by default, and will ensure a practical, solutions-focused approach to risk, helping teams move forward with confidence and building a positive security culture across the organisation.

 

This is a key role at an important point for the organisation.  It will make a tangible impact across the work of Phyllis Tuckwell, both clinically and operationally.

 

The role will operate under the strategic direction of the Director of IT, Estates and Digital Transformation, while acting as the organisation’s recognised subject matter expert in cyber security and information security. They will be the trusted authority in this area, supporting teams across the organisation and providing credible assurance to senior leaders.

 

Key Responsibilities of the Information Security Manager will include:

  • Leading our approach to cyber security, risk management, and incident response
  • Developing and improving our information security management system, aligned to standards such as Cyber Essentials Plus and NHS DSPT
  • Identifying and managing risks across systems, processes, and suppliers
  • Supporting teams to understand and apply good security practice in real-world situations
  • Leading response to any cyber or data-related incidents, ensuring an appropriate and prompt response with a learning mindset
  • Working with senior colleagues, including the SIRO and Caldicott Guardian, to provide assurance and oversight
  • Building awareness and confidence across the organisation through training and engagement
  • Ensuring security is built into new systems, projects, and supplier relationships from the outset
  • Developing and delivering engaging information security training and awareness campaigns
  • Promoting a positive, non-blame culture where people feel confident to report incidents or concerns
  • Providing practical advice that helps teams make secure choices in day-to-day work
  • Acting as a visible and approachable subject matter expert across the organisation

 

About the candidate

Candidates should possess a balanced skillset across technical cyber security and governance, risk, and compliance (GRC) combined with the ability to translate this into clear, organisation-wide governance and assurance.  They will be comfortable with detail, whilst also providing proportionate, practical oversight at an organisational level.  They should demonstrate:

  • Strong technical grounding in cyber security including networks, endpoints, identity, vulnerabilities, and incident response
  • Experience in applying that knowledge to real world risk management, not just theoretical controls
  • Good understanding of governance, assurance, and security frameworks such as Cyber Essentials Plus, ISO 27001, and NHS DSPT
  • Ability to move comfortably between technical detail and clear, plain-English communication for non-technical audiences
  • Experience in providing assurance to senior stakeholders such as risk reporting, audit, or governance forums
  • An enabling, solutions-focused approach with the ability to balance risk with the need to get things done
  • Strong focus on behaviour and culture, not just controls and policy
  • Ability to challenge constructively while helping teams find workable solutions
  • Comfortable influencing across teams and building trusted relationships

Relevant qualifications or certifications such as CISSP, CISM, or Security+ are helpful.

Whilst a hospice background is not required, applicants should understand the importance of working in a people-focused, regulated environment.

We Offer:

Excellent Benefits

  • Six weeks' paid holiday plus public holidays
  • Phyllis Tuckwell Group Personal Pension Plan (matched contributions up to 7.5%)
  • Health Cash Plan Scheme
  • Employee Assistance Programme
  • Staff Benefit Scheme
  • Blue Light Discount Card

 

Career Development

  • Leadership Development
  • Skill Development, Project-Based Learning and Diverse training courses
  • Apprenticeships
  • Coaching
  • Cross Departmental Projects

 

A Great Place to Work

  • Equal Opportunities employer
  • Flexible working
  • Supportive colleagues
  • 97% of our staff are proud to work for Phyllis Tuckwell*

We are committed to creating a diverse and inclusive culture, with the principles of fairness and equality at its core.  We are an equal opportunities employer, who values and respects our employees’ unique knowledge, skills and experiences.  We warmly welcome applications from all sections of the community.  All appointments are made following a fair and equitable process, based on merit, job requirements and business need.  

 

Interested?

If you are looking for a role where you can make a tangible difference, not just manage compliance, we would like to hear from you.  For further information regarding the role, or to arrange an informal visit, please contact Graham Mayers, Director of IT, Estates and Digital Transformation.  If you have any questions about the recruitment process, contact HR.

 
Closing date for receipt of applications: 10th May 2026. 

Interviews to be held week commencing 1st June 2026.

We reserve the right to close the role ahead of the closing date should sufficient applications be received. Your early response is therefore encouraged.   Please note that we do not hold a sponsor licence and therefore are unable to provide sponsorship.
 

This post is subject to a standard Disclosure and Barring Service check.

 

Organisation: Phyllis Tuckwell Hospice
Organisation type: Registered Charity
Company size: 101 - 500

Our mission is to care compassionately for adults living with an advanced or terminal illness, and those closest to them.

Posted on: 09 April 2026
Closing date: 09 May 2026 at 22:00
Tags: IT, Health / Medical, Information Management, Risk Management, Governance / Management

The client requests no contact from agencies or media sales.