Information Security Manager (Defence) at Serco Plc
Solihull, England, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

14 Oct, 25

Salary

58000.0

Posted On

16 Jul, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

NIST, Design, SC, CISSP

Industry

Information Technology/IT

Description

ABOUT US

At Serco, we unite the right people, technology, and partners to solve some of the world’s most pressing and complex challenges. From defence and space to healthcare, justice, transport and beyond, our UK operations deliver critical services across government sectors—driven by expertise in service design, programme management, engineering, and more.

KEY ACCOUNTABILITIES

  • Lead information security management across new Defence contracts, ensuring compliance with MOD standards such as Secure by Design, DefStan 05-138, and HMG/NCSC guidance.
  • Conduct risk assessments and gap analyses using frameworks like NIST SP800 and ISO 27001, developing action plans to address deficiencies.
  • Oversee security assurance activities, including incident response, investigations, and engagement with external audit providers (e.g., CHECK pen-tests and security health checks).
  • Support project and design phases with security advice on technical, procedural, personnel, and physical controls, aligned to contractual requirements and MOD certifications.
  • Establish and manage internal and external Security Working Groups to drive coordinated security efforts with Serco teams, partners, and suppliers.
  • Provide guidance on data protection compliance, working closely with Data Protection Champions and promoting awareness across the Defence Business Unit.
  • Deliver security awareness training and foster a proactive security culture within contracts, maintaining certifications like Cyber Essentials Plus and ISO 27001.

SKILLS & EXPERIENCE

  • Comprehensive knowledge of and experience with current MOD policies and standards (e.g., Secure by Design, JSP 440, DefStan 05-138 / DCPP)
  • ISO27001 Lead Implementer / Auditor
  • CISSP or CISM certified
  • Data Protection Compliance knowledge and privacy certifications
  • Risk management knowledge utilising recognised frameworks, such as NIST
  • Experience in the production and delivery of security awareness training
  • A willingness to travel to Serco and MOD sites is necessary for the effective delivery of this role.
  • The Infosec Lead (Defence Growth) must be able to achieve and maintain formal UK Security Clearance (SC

Responsibilities

As an Information Security Manager, you’ll take operational ownership of information security for new Defence contracts, ensuring compliance with MOD Secure by Design (SbD) standards and data protection legislation. You’ll oversee security arrangements across Serco, its partners, and subcontractors, maintaining rigorous audit and assurance processes. This role is key to ensuring secure contract delivery, managing security incidents, and preparing for evolving MOD requirements. You’ll work closely with Data Protection Champions, senior leaders, and Defence stakeholders to uphold the highest security standards across the business.
