IT & Information Security Manager

  • Status: Open
  • Salary: Competitive
  • Hours: Full Time


Firefish Ltd was founded in 2000 and has 60+ employees across the Group, with offices in London and New York. We are Human Strategy Partners to some of the world’s biggest brands, such as Unilever, AB InBev, Spotify, Tommy Hilfiger and PlayStation, to name a few. We help our clients make sense of real life and put it at the heart of their decision-making, helping their businesses innovate, communicate, and grow by looking at things from new angles and in new ways.

We call this Unconventional Thinking.

We are a diverse team of brand consultants, entrepreneurs, cultural anthropologists and social psychologists with a passion for helping clients transform their businesses. Whatever your role at Firefish Ltd, we encourage you to explore, to think about different ways to solve problems and get fresh results.

The Role in a Nutshell

We are looking for someone to manage IT & Information Security operations and security compliance for the four operating companies in the business. The role also involves assessing and managing the information security environment of the business and serving as a communication liaison between the information security team, staff and other Firefish Group managers, as well as external IT/Security providers.


  • Management and Team Liaison
    • Manager of IT Support Executive
    • Work with and support the COO, Head of Compliance and security team
    • Responsible for liaison with external IT provider and security consultant
  • ISMS Manager for company ISO 27001 certification
    • Manage and maintain all aspects of the Firefish ISO 27001 certified ISMS
    • Operate and assess the operational effectiveness of information security controls in the ISMS
    • Proactively develop security controls, standards and procedures according to industry good practices
    • Analyse records and logs to spot anomalous behaviour
    • Maintain risk registers and take ownership of remediating unacceptable security risks
    • Take ownership of the incident log and monitor progress of all corrective actions against remediation plans
    • Ownership, continual development, day-to-day monitoring and management of security systems to ensure incidents, real and potential, are quickly identified, responded to and resolved
    • Manage supplier security protocol
    • Manage monthly security status meetings
    • Maintain up-to-date knowledge of ISO standards, security threats, countermeasures, best practices, and assistive technologies
  • Annual Pre-Audit Responsibilities
    • Manage ISO 27001 annual audit
    • Documentation review
    • Penetration Test and Remediation co-ordination
    • Work with security consultant as required on Internal Audit & Reporting
    • Work with security consultant as required on Management Review prep and delivery including producing security metrics and supporting KPI reporting
  • Group Information Security Manager
    • Ensure all areas of the business in the UK and US are meeting all required security standards and comply with client security requirements
    • Responsible for vulnerability assessment remediation and BCP/DR management and testing
    • Suggest improvements and best practice in security and ways of working with all parts of the business
    • Provide security advice to staff, e.g. around new/third-party technology
    • Escalation point for information security incidents/issues
  • Manager of IT roadmap planning, projects and implementation
    • Help manage IT strategy for the business and ensure projects are implemented according to agreed timescales and budget
    • Attend quarterly IT roadmap planning sessions
    • Work with COO on annual budget for IT roadmap
  • Procurement/Client compliance
    • Responsible for review of security requirements in client contracts
    • First point of contact for responding to client security due diligence/RFIs/assessment
  • Training and awareness
    • Implement best practice guidelines and train relevant staff on best practice when required
    • Ensure security training is provided to all new starters/staff/freelancers
  • Security trends
    • Stay abreast of emerging security trends, standards and security enhancing technologies

Reports to: COO but has a close working relationship with the Head of Compliance



  • ISO 27001 maintenance / implementation
  • A good understanding of IT / Computer Systems / Cloud / Networks / Windows AD environments (previous work experience in IT preferred).
  • An interest in and knowledge of cyber security
  • Experience working in a similar role or working internally to manage/develop internal information security frameworks
  • Line management skills – experience of managing/coaching/developing staff


  • Educated to degree level or equivalent (IT / Cyber Security related preferred)
  • Knowledge of the legal and statutory obligations for SMEs regarding information security
  • Relevant certification such as ISO Lead Auditor, CISM, CISSP

Skills/Personal Attributes

  • An inquisitive, analytical mind
  • Ruthless organisational skills
  • Calm but enthusiastic
  • Excellent communication skills with an ability to describe technical and security issues / solutions to technically and non-technically minded people
  • Possess critical thinking and problem-solving skills to assess and react to risks and situations
  • Able to understand and successfully manage the balance between business requirements, priorities, IT service delivery and information security
  • Be collaborative and have influence – able to create strong relationships both internally and with external providers and engage staff at all levels
  • Excellent written language skills to be used both in technical and non-technical contexts
  • Ability to follow procedures as well as suggest improvement ideas
  • Ability to multi-task and work on projects concurrently and under tight deadlines
  • Self-motivated with a determination to provide solutions

If this sounds like you, then please send your CV to with the role you are applying for in the subject line.