We are seeking an experienced and highly capable Information Security Manager to join our growing team at Prevail Partners. The ideal candidate will bring deep technical knowledge of information security risks, controls and frameworks — with practical experience managing ISO 27001-compliant systems and embedding secure practices across dynamic operational environments. You will work closely with the Counter Intelligence and Security Lead, Compliance Manager, IT department, and project teams to ensure robust, proportionate, and forward-looking protection of our people, data and systems.
This is a key role for a pragmatic and security-minded individual who can operate at both strategic and operational levels, supporting the business as it expands its global footprint and develops sensitive technology solutions.
Key Responsibilities
Security Strategy & Governance
1. Lead the continued development of Prevail’s Information Security Management System (ISMS) in alignment with ISO 27001, driving forward maturity and integration with wider business goals.
2. Serve as the lead advisor on information security, ensuring risk-based decision-making and strong stakeholder engagement across the business.
3. Maintain close working relationships with external stakeholders including NCSC and NPSA, ensuring Prevail remains alert to national-level threat reporting and guidance.
4. Represent information security within executive-level planning, commercial proposals, and assurance processes.
5. Implement and lead the Data Loss Prevention function, advising on appropriate software and functionality.
6. Develop, configure and refine policies and rules to help prevent data loss and protect sensitive information across the company.
7. Collaborate with the wider, cross-functional company Insider Threat function, including HR, legal, compliance and business leads.
Operational Security & Risk Management
1. Oversee the planning, implementation and management of technical and procedural controls across endpoint security, data access, and cloud infrastructure (including AWS).
2. Maintain Prevail’s Cyber Essentials and Cyber Essentials Plus accreditations, including preparation, audit liaison, and continuous improvement of control measures.
3. Lead structured risk assessments across internal systems and project-specific activities, and develop pragmatic mitigation plans with relevant teams.
Data Protection & Compliance
1. Work alongside the Compliance Manager and DPO to ensure effective implementation of UK data protection law, including support for Data Protection Impact Assessments (DPIAs) and data mapping.
2. Oversee the information security training and awareness programme, ensuring it reflects both regulatory obligations and operational realities.
3. Maintain up-to-date security documentation, incident logs, audit records and policy registers.
Preparedness & Incident Response
1. Lead and continuously improve the company’s incident response framework, including conducting tabletop exercises and reviewing lessons learned.
2. Ensure the business is prepared to respond to cyber security incidents, breaches or service disruptions through robust business impact assessment, business continuity and recovery planning.
Internal Engagement & Security Culture
1. Deliver internal briefings and staff awareness sessions across the year, including during onboarding and company Townhalls.
2. Champion our security culture, ensuring all staff understand their role in protecting themselves, the organisation and its data.
3. Collaborate with teams across operations, HR and IT to identify emerging vulnerabilities and strengthen preventative measures.
Governance & Oversight
1. Chair internal security governance forums to track risks, define priorities, and drive improvement across physical, cyber and personnel domains.
2. Contribute to security input for new markets, overseas deployments, and sensitive project work.
3. Support leadership in meeting regulatory, contractual, and reputational requirements in relation to information security.
Minimum Qualifications
1. Demonstrable experience leading or managing an ISO 27001-aligned ISMS, with a track record of successful implementation or certification.
2. Strong understanding of information security risk management, governance, and technical controls.
3. Knowledge of UK data protection regulations (GDPR) and security standards relevant to operational delivery.
4. Excellent communication and stakeholder management skills, including the ability to engage non-technical audiences.
5. A proactive, solutions-focused mindset, capable of balancing security with business agility.
6. ISO 27001 Lead Implementer or Lead Auditor certification (desirable).
7. Experience working in or with secure government, defence, or national security environments.
8. Familiarity with broader frameworks such as ISO 31000, NIST CSF, CIS Controls, or Cyber Essentials.
9. Experience supporting the secure delivery of software or technology platforms.
About Us
Prevail Partners delivers high quality intelligence, research and consultancy services to clients ranging from governments and multinational corporations to non-governmental organisations. These services are delivered predominantly across Europe, the Middle East and Africa.
We pride ourselves on selecting interesting projects which we believe can genuinely make a difference. You will be joining the company at a time of continued growth, and will be required to support a wide variety of these projects across the whole company.
What We Offer
Competitive salary, salary sacrifice pension, access to onsite gym facilities, enhanced leave policies, and private healthcare after two years at Prevail.
J-18808-Ljbffr