Why Join Evotix?
At Evotix, we’re transforming the way businesses approach health, safety, and wellbeing. Our team thrives on bold ideas, celebrates diversity, and embraces the power of collaboration.
Here’s why you’ll love working with us:
- Competitive Compensation: Enjoy a competitive base salary and company-based performance bonus.
- Time to Recharge: Unlimited Annual Leave because we trust you to balance your work and wellbeing.
- Support for You: Access to our Employee Assistance Program, including mental health, legal, and financial guidance.
- Growth Opportunities: Educational benefits to help you keep learning and growing.
- Team Culture: Regular team events, an inclusive environment, and a shared commitment to making an impact.
The Role
Deliver impactful EHS solutions. Empower safer, smarter workplaces.
We are seeking an experienced Information Security Manager to own and scale our information-security-led compliance function. This role is responsible for maintaining and evolving our security certifications (e.g. ISO 27001, SOC 2, IRAP), supporting customer and prospect assurance activities, and embedding strong security and compliance practices across the business.
This is a hands-on leadership role suited to someone who combines deep information security and GRC expertise with strong commercial awareness — able to partner effectively with Product, Engineering, Legal, Sales, and Finance to enable growth while managing risk.
What You'll Do
Information Security & Certifications
- Own and maintain the company’s information security management framework (ISMS), including policies, controls, and risk registers.
- Lead and manage external security certifications and attestations, including:
  - ISO 27001 (and related standards where applicable)
  - SOC 2 Type I & II
  - IRAP (or equivalent government / regulated frameworks)
- Plan and coordinate internal audits, external audits, penetration tests, and remediation activities.
- Act as the primary point of contact for external auditors and assessors.
Customer & Commercial Security Assurance
- Own the end-to-end process for customer and prospect security due diligence, including:
  - Completion and review of security questionnaires and DDQs
  - Supporting enterprise and regulated-sector sales cycles with security assurance materials
- Review and advise on the security and compliance components of customer contracts, DPAs, and MSAs, working closely with Legal and Commercial teams.
- Develop and maintain standard security documentation (e.g. security whitepapers, control mappings, shared responsibility models) to streamline sales cycles.
Risk, Controls & Governance
- Identify, assess, and manage information security and compliance risks across the organisation.
- Ensure appropriate controls are designed, implemented, tested, and evidenced.
- Maintain incident management, breach response, and escalation processes in line with regulatory and customer expectations.
- Monitor relevant regulatory, contractual, and industry requirements and assess their impact on the business.
Internal Enablement & Culture
- Embed security and compliance awareness across the organisation through training, guidance, and pragmatic processes.
- Partner with Engineering, Product, IT, and Data teams to ensure security controls are proportionate, practical, and scalable.
- Support leadership with clear reporting on security posture, risks, audit outcomes, and remediation progress.
Team & Function Leadership
- Build, lead, and develop the compliance and information security capability as the company scales (including potential future hires or external partners).
- Establish clear ownership, documentation, and repeatable processes that reduce manual effort over time.
What You Bring
- Significant experience in information security, compliance, or GRC roles within a SaaS, technology, or regulated environment.
- Proven hands-on ownership of security certifications such as ISO 27001 and SOC 2 (end-to-end, not just policy oversight).
- Strong understanding of information security controls, risk management, and audit processes.
- Familiarity with cloud-based SaaS architectures and modern DevSecOps practices.
- Experience working in a private-equity-backed or high-growth environment.
- Experience responding to enterprise customer security questionnaires and supporting complex sales cycles.
- Ability to interpret and advise on security-related contractual language and compliance obligations.
- Excellent stakeholder management skills, with the ability to balance security rigor with commercial pragmatism.
- Clear, structured communication style — able to translate security concepts for non-technical audiences.
Interview Process
We aim to keep our interview process transparent, fair, and respectful of your time. While steps may vary slightly by role, you can typically expect:
- Initial chat: A conversation with a member of our Talent team to learn more about your background, motivations, and answer any initial questions.
- Predictive Index (PI) assessment: A behavioural and cognitive assessment designed to better understand your working style and how you approach problem-solving.
- Hiring Manager interview: A role-focused discussion exploring your experience, skills, and how you approach real-world scenarios relevant to the role.
- Final interview: A conversation with key stakeholders to dive deeper into collaboration, alignment, and mutual fit.
- Offer: If successful, we’ll move quickly to share an offer and next steps.
We’re happy to make reasonable adjustments at any stage of the process — just let us know what you need.
Ready to Make a Difference?
If you’re a bold, results-driven leader who thrives on challenges, loves scaling success, and is passionate about making a difference—we want to hear from you!
Thank you for your interest. Please note, we are not seeking support from external recruitment agencies at this time. Direct applications from candidates are warmly welcomed.
