Information Security Manager

Introduction

Saab UK is part of Scandinavia’s largest defence company, bringing together the best of Swedish and British innovation. Saab offers world-leading solutions and services in defence, aviation, space, and civil security to keep people and society safe. Our UK presence has been growing at pace, meaning we can offer a wide range of opportunities for personal fulfilment and career growth. We currently employ over 600 people across eight sites in the UK, and our specialisations include software engineering, underwater robotics, radars, AI, and armed forces training.

What you will be part of

Saab is a leading defence and security company with an enduring purpose, to help nations keep their people and society safe.

Empowered by its 28,000 talented people, Saab constantly pushes the boundaries of technology to create a safer and more sustainable world.

Saab designs, manufactures and maintains advanced systems in aeronautics, weapons, command and control, sensors and underwater systems.

Saab is headquartered in Sweden. It has major operations all over the world and is part of the domestic defence capability of several nations.

The Role:

This role is part of our Public Safety Solutions Business Unit.

The Information Security Manager is accountable for the organisation’s information security strategy, governance, and compliance, ensuring the protection of systems and data that support UK public sector and emergency service operations.

The role is critical in ensuring that services remain secure, resilient, and available, recognising the operational importance and potential impact on frontline emergency response.

Key Responsibilities:

Security Leadership & Assurance

• Own and be accountable for the organisation’s overall security posture, ensuring alignment with business objectives and public sector expectations.

• Lead the implementation, maintenance, and continuous improvement of the ISMS in line with ISO/IEC 27001.

• Maintain Cyber Essentials Plus certification, ensuring ongoing compliance with technical controls.

• Develop and maintain the Security Management Plan, with a focus on resilience, availability, and service continuity.

• Provide regular assurance reporting to senior leadership and stakeholders.

Risk Management & Compliance

• Own and maintain the Security Risk Register, ensuring risks are identified, assessed, and managed in line with organisational risk appetite.

• Conduct and support risk assessments, internal audits, and external certification activities.

• Ensure compliance with relevant UK regulatory and security requirements, including GDPR and guidance from the National Cyber Security Centre.

• Work with internal teams and suppliers to implement proportionate and effective security controls.

Security Operations & Incident Management

• Act as the primary point of contact for security incidents, leading or coordinating response activities.

• Take a hands-on role in incident investigation, root cause analysis, and remediation.

• Ensure that incident response processes are aligned to the operational needs of emergency service environments, including timely escalation and communication.

• Oversee vulnerability management, security testing, and remediation activities, engaging third parties where required (e.g., CHECK providers).

Service Resilience & Operational Security

• Ensure security is embedded in the design and operation of services supporting emergency response.

• Work closely with operational and technical teams to maintain high levels of system availability and resilience.

• Support business continuity and disaster recovery planning, testing, and continuous improvement.

Security Awareness & Culture

• Develop and deliver targeted security awareness and training programmes.

• Promote a strong security culture, ensuring all staff understand their responsibilities in protecting critical services.

Stakeholder Engagement

• Act as a trusted advisor to senior leadership, operational teams, and external stakeholders.

• Support engagement with public sector customers, providing assurance on security controls and practices.

• Collaborate with suppliers and partners to ensure security requirements are met across the supply chain.

Qualifications & Skills:

• Proven experience in an information security role within a UK-based organisation, ideally supporting public sector or critical services.

• Practical experience with security monitoring and incident response tooling (SIEM/XDR)

• Strong working knowledge of ISO/IEC 27001 and experience maintaining an ISMS.

• Practical experience with Cyber Essentials / Cyber Essentials Plus certification.

• Experience managing security risks, incidents, audits, and compliance activities in operational environments.

• Ability to balance strategic leadership with hands-on delivery in a small organisation.

• Strong understanding of service resilience, availability, and risk in mission-critical systems.

• Excellent communication skills, with the ability to engage both technical and non-technical stakeholders.

By submitting an application to Saab UK, you consent to undertaking workforce screening activities that may include but are not limited to: Baseline Personnel Security checks, National Security Vetting, reference checks, verification of working rights and in all circumstances preferred candidates will be placed through a security interview.