The Role
We are looking for an IT & Information Security Manager to take ownership of our IT systems, infrastructure and security. You'll manage our Microsoft 365 environment, devices and IT support for a hybrid workforce, while helping to modernise our technology through cloud migration and improved monitoring. You'll also lead our ISO 27001 and Cyber Essentials certifications, manage security policies and audits, oversee business continuity, and work with colleagues across the business to maintain a secure, reliable and compliant IT environment. This role has real autonomy, and it'll suit someone who wants to build something they're proud of rather than simply clock in and out.
You'll be based in or near Birmingham, working hybrid with office visits as needed for hardware and infrastructure work. You'll have genuine autonomy and the space to shape how we do security and IT as the business grows including developing our ISMS into something you're proud of.
Team culture is at the heart of what we do, so we’re looking for someone who brings a positive, collaborative attitude. We value a supportive and ego-free environment, where everyone can share ideas and grow together. If you’re excited to be part of a team that builds each other up and tackles challenges together, we’d love to meet you!
What you'll be doing
- Own office infrastructure and all staff hardware end to end procurement, setup, asset lifecycle, joiner/leaver provisioning, and day-to-day fixes for the Birmingham office.
- Own identity, access and endpoint management company-wide across our Windows estate Entra ID, Microsoft 365, and Intune with most staff hybrid or fully remote, so remote provisioning and support is central to this role, not an edge case. Experience with Mac management would be a bonus.
- Own the relationship with our outsourced IT support provider performance, SLAs, escalations and renewals and act as the senior escalation point for IT.
- Help drive our ongoing move from remaining on-premise infrastructure to cloud, and support the decommissioning that follows.
- Strengthen monitoring, logging and alerting so we can spot and investigate anomalies early.
- Contribute to IT planning and budgeting, and report on our security and IT posture to leadership as needed.
- Take ownership of our ISO 27001-certified ISMS, carry it through its surveillance audits, and lead its continued development so it's genuinely embedded in how we work day to day, not just on paper.
- Keep certifications such as Cyber Essentials (and Cyber Essentials Plus) in good standing.
- Lead responses to client security questionnaires, audits and due-diligence requests a regular and important part of the role, particularly for our public-sector and regulated financial-services clients.
- Develop, maintain and enforce security policies, standards and procedures, and drive awareness of them across the business, including annual staff security training.
- Ensure compliance with data protection obligations (UK GDPR / DPA), working alongside our DPO-trained and compliance colleagues you are not the sole owner of data protection here, but need to be conversant enough to run day-to-day queries and escalate appropriately.
- Run vendor and third-party risk assessments, and keep our supplier risk posture under review.
- Own disaster recovery and business continuity planning, including periodic testing.
- Respond to security incidents, run root-cause analysis, and feed lessons back into our controls.
What you'll bring
5+ years in IT management, information security, or a closely related role, with genuine breadth across both security/compliance and hands-on IT infrastructure - this is a hybrid role and we need someone who won't neglect one side in favour of the other.
- Proven, hands-on experience taking an organisation through ISO 27001 certification or a substantial ISMS rebuild - not just maintaining a system someone else built. You'll be our sole owner of this, so you need to operate independently from day one. Familiarity with frameworks like NIST or CIS Controls is a plus.
- Experience responding to client security questionnaires and supporting audits and certifications.
- Solid working knowledge of enterprise identity and Windows endpoint tooling Entra ID/Okta, Microsoft 365, and Intune.
- Experience managing an outsourced IT provider / MSP, including holding them to SLAs.
- Vendor and third-party risk assessment experience.
- Working knowledge of UK GDPR / Data Protection Act obligations you'll have support here, but need to be conversant, not a specialist.
- The ability to translate technical risk into clear, practical terms for non-technical stakeholders.
- A recognised security or ISMS certification (e.g. ISO 27001 Lead Implementer/Auditor, CISM, Security+, CySA+, or equivalent).
- A proactive, ownership-driven mindset comfortable being the go-to security and IT person in a small, cross-functional team, and comfortable with the unglamorous parts of the job (hardware, cabling, the office printer) as well as the strategic parts.
- Awareness of cloud infrastructure environments (we are mid-migration off on-premise servers).
- Experience administering hosted VoIP / phone systems.
Who we're looking for
Most of all, we're looking for someone who genuinely loves this stuff. Technology and security are what you'd probably be tinkering with anyway — and you're the kind of person people are glad to have around, whether that's talking a nervous colleague through a problem or getting stuck in as part of the team.
- Curious by nature: you're the sort who follows where technology and security are heading and enjoys going down the odd rabbit hole, and that enthusiasm shows in your work.
- People-friendly: approachable, patient and easy to deal with; you can explain a tricky issue to a non-technical colleague without making them feel silly, and people trust you to help.
- A natural owner: you take initiative, follow things through, and care about doing them properly, so the ISMS becomes something genuinely lived rather than a box-ticking exercise.
- Analytical and clear: you get to the root of a problem quickly, weigh risk sensibly, and can set it out plainly in a report, policy or audit response.
- Broad and hands-on: comfortable across security, compliance and infrastructure, and just as happy with the strategic thinking as with the unglamorous fixes.
- Honest and dependable: integrity is essential to everyone at NetWatch, and especially in a role trusted with our systems, data and security.
First 90 days will likely include:
- Getting up to speed on the ISMS and running a gap assessment ahead of the next surveillance audit.
- Reviewing our outsourced IT support arrangements and how we work with our provider.
- A review of Microsoft 365 licensing and device inventory.
Benefits Package
- Flexible working hours
- Remote working / hybrid
- On-site gym
- Employee benefits and wellbeing program
- 24 days leave plus bank holidays, with a flexible holiday policy
- Buy and sell leave scheme
- Length of service rewards
- Company pension scheme
- Training and development opportunities
- Regular team social events and clubs
- Cycle to work scheme
- Casual dress code
How to Apply
Submit your CV and a covering letter via Indeed, or directly via our website - https://netwatchglobal.com/careers/information-security-it-officer.
Covering letters should detail your interest in our company, your passion for development, and why you’d be a great fit for this role. If successful, the hiring process is as follows:
Accessibility Statement
NetWatch Global is committed to creating an inclusive and accessible environment for all. If you require any accommodations during the application process, please call and ask for HR.
Pay: £48,000.00-£58,000.00 per year
Benefits:
- Casual dress
- Enhanced maternity leave
- Enhanced paternity leave
- Flexitime
Work Location: Hybrid remote in Birmingham