Information Security Manager

Job Title:  Information Security Manager
Basis: Full-time, permanent
Location: Canary Wharf, London - WeWork
Reporting to: Co-founder

About Onetrace 🚀

Great products start with great people.

Our relentless focus on user experience has been the cornerstone of our growth, helping us become the market leading software for fire protection subcontractors across the UK.

We’ve grown by staying obsessed with building software that actually works for the subcontractors on the ground; fast, intuitive, and simple to use.

We’re now gearing up for our next chapter: expanding into new trades and taking Onetrace global. We’re bootstrapped, profitable and driven by a clear mission - to lead the digital transformation for subcontractors, one trade at a time.

Come be part of a team that’s smart, ambitious, and comfortable in the chaos of growth - where your ideas matter, and your work shapes what comes next.

Want to learn more about our journey? Check out our LinkedIn page.

About the Role �

We’re looking for an Information Security Manager to lead the systems, practices, and frameworks that protect Onetrace’s data, people and infrastructure as we grow.

This is a cross-functional, hands-on role with a strong strategic lens - you’ll own our information security posture end-to-end, ensuring we maintain our ISO 27001 accreditation, while preparing for other relevant accreditations (such as SOC2 and Cyber Essentials). You’ll proactively manage risks and help create a secure environment where teams can move fast without compromising on trust or safety.

You’ll also guide how we approach data protection, tooling configuration and technical policy, embedding scalable and secure practices across our operations.

This is an opportunity to build on strong foundations and shape the future of InfoSec in a scaling B2B SaaS business that takes its security responsibilities seriously.

What You’ll Do  💡
Information Security Leadership

• Own and evolve our ISMS (Information Security Management System), ensuring it remains fit for purpose as we scale.
  
• Maintain and advance compliance across ISO 27001, SOC2, Cyber Essentials, GDPR, and any emerging frameworks (e.g. PCI DSS, AI governance), ensuring we are audit-ready.
  
• Identify, assess, and mitigate security risks across infrastructure, systems, and vendors - flagging and resolving vulnerabilities before they become problems.
  
• Own security documentation, policies and access protocols, ensuring regular audits and updates.
  
• Lead on GDPR compliance (or arrange the appropriate support and tools) to manage data privacy obligations, including DSARs, DPIAs and risk assessments.
  
• Maintain a clear and up-to-date sub-processor list and lead on third-party risk management.
  
• Act as primary contact for external audits and third-party security assessments (e.g. via Vanta).
  
• Drive awareness and promote best practices across the team around security, compliance, and data handling.

Secure Tooling and IT Ops Oversight

• Guide secure configuration and ongoing management of tools like Kandji, Twingate, and 1Password.
  
• Oversee secure onboarding and offboarding workflows from a systems/access perspective, reducing risk during personnel changes.
  
• Partner with internal stakeholders to manage vendor selection and SaaS procurement, balancing usability, security and cost.
  
• Proactively monitor access controls, audit trails, and incident response procedures and lead or escalate where needed.
  
• Champion scalable solutions, including the use of AI or automation for security monitoring, access reviews and alerting.

Governance and Process Clarity

• Ensure security policies are clearly documented, visible, and adopted company-wide.
  
• Support the business in navigating legal and regulatory change (e.g. GDPR, international expansion, AI etc).
  
• Run awareness sessions, training and security onboarding to embed a culture of ownership and care.
  
• Partner with leadership to ensure policies align with the day-to-day needs of each team and avoid unnecessary friction.
  

What we're looking for  ğŸ”�

Essential 

• Experience as an InfoSec expert - ideally within a high-growth SaaS or B2B tech environment.
  
• Strong working knowledge of compliance frameworks (e.g. ISO 27001, SOC2Cyber Essentials) and ideally PCI DSS.
  
• Working knowledge of GDPR, with experience supporting or overseeing data protection practices.
  
• Hands-on experience with security tooling and SaaS security systems.
  
• Confident in managing compliance audits, access reviews, internal risk assessments and policy updates.
  
• Comfortable owning security strategy and technical documentation.
  
• Excellent project and stakeholder management skills - especially across tech, people and ops.
  
• Able to communicate clearly with both technical and non-technical audiences, translating policy into practice.
  
• Pragmatic, detail-oriented, and proactive in identifying gaps and driving improvements.
  
• Organised and comfortable managing multiple systems and vendors.
  
• Ability to work independently and collaboratively in a fast-paced environment, managing multiple priorities and deadlines effectively
  
• Technically curious and excited about how emerging technologies (particularly AI) - can be used to streamline and automate security operations, compliance workflows, and internal processes.

Desirable 

• Experience in compliance operations management within payments, or financial services is a bonus.
  
• Experience acting as a Data Protection Officer (DPO) or supporting DPO responsibilities is a plus - especially around managing DSARs, privacy impact assessments, and data governance.
  
• Extra points if you have experience in data protection for international markets e.g. AU, NZ
• Degree (or equivalent experience) in a relevant field (computer science, cyber security etc.) - what matters more is demonstrated technical and operational experience
  

What We Offer  â­�

• Benefits 
  • Private medical insurance with Bupa
  • NEST pension scheme
  • Season ticket loan scheme
  • Employee assistance programme
  • 25 days PTO, plus bank holidays

• Ways of Working 
  • WeWork membership
  • Hybrid working options
  • Remote work abroad opportunities

• Equipment 
  • We’ll set you up with an Apple MacBook and all the necessary software
  • Standing desk (when based in the office)
  • Tech accessories and Onetrace merch

• Socials 
  • Annual team offsite and regular socials

• Your Growth 
  • Joining our agile team means you’ll gain hands-on experience, working closely with talented colleagues, and develop your skills in a supportive environment focused on growth

Diversity 

Onetrace is committed to diversity in the workplace and proud to be an equal opportunity employer. If you require a reasonable adjustment, please contact us. All information will be kept confidential and will only be used for applying a reasonable adjustment.

For an informal discussion about the role, please contact [email protected].

� Please note that our office is a dog-friendly environment. Candidates should be aware that dogs are present in the workplace, which may include shared spaces. If you have allergies or concerns, please let us know in advance. �