Esher

Job Description

Join to apply for the Information Security Manager role at Healix International

Location: Healix Group, Healix House, Esher Green, United Kingdom

We are recruiting an Information Security Manager who will be a key member of the Healix Risk Department. You will manage all areas of data & information security compliance across the Healix International Group, overseeing the firm’s control framework for these specialty areas.

As the Information Security Manager you will design, implement & maintain the Information Security Management System (ISMS) in accordance with ISO 27001, Cyber Essentials Plus & SOC 2, supporting crisis response and duty of care obligations worldwide.

Key Responsibilities

  • Lead the development, implementation, and continuous improvement of the ISMS in line with ISO 27001 and other regulatory standards.
  • Assess security posture, identify vulnerabilities, and develop mitigation strategies for enterprise‑wide information security risks.
  • Maintain and enhance the organisation’s risk register and heat map, ensuring risks are scored, tracked, and treated effectively.
  • Oversee the implementation and management of security systems including firewalls, encryption, and data protection controls.
  • Investigate and respond to security incidents, policy breaches, and regulatory findings.
  • Collaborate with internal teams to close audit actions and ensure documentation meets compliance standards.
  • Engage external experts when necessary and monitor the effectiveness of their services.
  • Deliver engaging training and awareness programmes to foster a strong security culture.
  • Lead the response to cyber and information security incidents, including investigation, containment, and escalation.
  • Maintain and test business continuity and disaster recovery plans.
  • Coordinate incident response efforts across IT, operations, and client‑facing teams.
  • Identify and manage risks related to mobile travel apps, tracking systems, and third‑party data processors.
  • Develop risk treatment plans and support the implementation of appropriate controls.
  • Conduct third‑party security assessments and manage security clauses in supplier contracts and SLAs.
  • Oversee penetration testing and vulnerability scanning of core systems.
  • Lead and mentor a team of analysts, ensuring high‑quality output and continuous development.

Person Specification

  • Professional certifications such as CISM, CISSP, or ISO 27001 Lead Implementer/Auditor (or equivalent).
  • Hands‑on experience with ISO 27001:2022, Cyber Essentials Plus, and enterprise risk management.
  • Strong background in information security governance, compliance, and risk assessment.
  • Experience in travel risk, security, or medical assistance sectors is a plus.
  • Excellent communication skills – both written and verbal – with the ability to influence and educate.
  • A proactive, solution‑focused approach with strong problem‑solving skills.
  • High attention to detail and a customer‑centric mindset.
  • Comfortable working in a fast‑paced, dynamic environment.
  • Committed to continuous personal and professional development.

Contract

Type: Full‑time

Salary: £50,000 per year

Closing Date: Friday 31st October 2025
