Senior Information Security Governance Manager

EC1A, London (Hybrid)
£60,000 - £65,000 per annum
Full-time
Permanent

Actively Interviewing

This organisation is scheduling interviews as applications come in. They're ready to hire as soon as they find the right person. Don't miss your opportunity, apply now!

Job description

Working Arrangements: This role can be home-based, with occasional attendance at the London office required, or performed on a hybrid basis (depending on your location). 

We are the national body for careers education in England, delivering support to schools and colleges to deliver modern, 21st century careers education.
The Careers & Enterprise Company is a great place to work. We operate within a fast-paced and collaborative environment. We are brought together by one thing: our passion to ensure young people get the best possible start in life and are supported to find their best next step.
Do you want to be part of a mission-driven team focused on transforming young people’s lives? If so, we’d love to hear from you!

Role summary (please see the full job description for further information on the role): 

The Careers & Enterprise Company, a non-profit organisation with a social purpose, is looking for a knowledgeable and committed Senior Information Security Governance Manager to join its small Compliance Team. Reporting to the Head of Compliance (CEC’s Data Protection Officer), you will lead CEC’s ISO 27001-certified information security management system, strengthen processes, and help shape policy. In this role, you will play a key part in ensuring information risk is managed effectively, that audits and monitoring are delivered well, and policies and processes continue to improve. Your work will be essential in providing assurance that the young people’s data entrusted to CEC is secure.  

You may already be leading information security governance in a smaller organisation, or you may have built strong experience as a key member of a larger information security or governance team.   

We are seeking a candidate with broad experience across information security governance, including most of the following: identifying and assessing information risk, managing controls, carrying out internal and third-party audits, improving processes, developing training and guidance for staff, managing and reviewing incidents, and contributing to policy development. A strong eye for detail and excellent record-keeping will be essential to success in this role.  

Because CEC works with children’s data and provides digital tools for careers education, we are especially interested in candidates who are motivated by social purpose who understand the importance of security governance in this context. An appreciation of data protection, tech ethics, and safeguarding will be important in helping you thrive here. Technical skills and experience matter, but so do your values.   

We are passionate about helping young people take their best next step, and keeping their information safe is fundamental to that mission. This is a fast-moving environment, so you will need to be comfortable working through ambiguity, building strong partnerships across teams, finding practical solutions, and confidently raising significant risks when needed. 

The key responsibilities of this role are to manage and continually improve CEC’s ISO 27001-certified Information Security Management System, oversee business continuity management for information and technology risks, and support the organisation’s development of a proportionate quality management approach, including work towards ISO 9001 certification. 

Essential criteria: 

  • Strong understanding of information security management principles and appropriate up-to-date technological, organisational, physical and people security controls.  
  • Good understanding of security framework such as ISO 27001 and cyber essentials. 
  • Good working knowledge of the range of tools, platforms, utilities and cloud computing typically used within modern digital firsts organisations  

Experience / Qualifications  

One or more of the following: 

  • Undergraduate or postgraduate qualification in information/cyber security OR 
  • Equivalent professional certification such as CISSP, CIMP or equivalent OR 
  • ISO 27001 lead implementer or lead auditor 

For more information and to apply, please visit our website via the ‘apply’ button.

Closing date: Sunday 26th July (Midnight) 

*PLEASE NOTE THAT WE RESERVE THE RIGHT TO CLOSE THIS ADVERT EARLY SHOULD WE RECEIVE SUITABLE APPLICATIONS* 

Equity, Diversity and Inclusion        

At the Careers and Enterprise Company (CEC) we are committed to fostering a culture of belonging. We know that engagement at work relies on feeling included and valued. Inclusion is both a choice and a practice, for us as an organisation and for individuals within our team. We aim to drive inclusion through every aspect of our work and we understand that diverse teams are essential for innovative careers education and are central to our mission and impact. CEC values the visible and invisible qualities that makes each member of our team who they are. We are a disability confident employer and if you need any help or support through the application process, please contact the HR team and details can be found on our website.

Application resources
Organisation
The Careers and Enterprise Company View profile Organisation type Non Charity Employer Company size 51 - 100
Posted on: 13 July 2026
Closing date: 26 July 2026 at 23:30
Job ref: 202607 - 84
Tags: Advice / Information, Communications, IT, Policy, Training / Learning, Digital, Compliance / Quality, Data Protection, Information Management, Partnerships, Programme Management, Risk Management, Safeguarding, Security, Governance / Management