Explore our vision: Incredible, effortless recruitment
IT Recruitment

How to Hire a Information Security Manager in the UK (2026)

Owning security strategy, risk and compliance. Hiring an Information Security Manager.
By Mark Wilkinson, Managing Director of Coburg Banks
Charles leads Coburg Banks IT, placing technology professionals from helpdesk to CTO for businesses across the UK.
Mark's Linkedin Profile

An Information Security Manager owns the organisation's security posture - strategy, risk, policy, compliance and often the team. It blends technical understanding with governance and the ability to influence the whole business.

⚡ In short

A UK Information Security Manager typically earns £70k-£100k. Expect a placement in 6-10 weeks. Coburg Banks recruits them with no fee until your hire starts.

£70k-£100k

Typical base salary

6-10 weeks

Time to hire

48 hrs

To first shortlist

12 wks

Replacement guarantee

What to look for in a Information Security Manager

1

Strategy and governance

Ask how they've built a security programme or improved a posture.

2

Risk and compliance

Probe experience with the standards and regulations that apply to you.

3

Influence

They must get the whole business to take security seriously. Look for persuasion, not just policy.

How to run the hire

1. Define the mandate
Be clear on scope - strategy, compliance, team, incident ownership.

2. Score for governance and influence
Weight the ability to build a programme and change behaviour.

3. Source and approach
Approach senior candidates directly.

4. Test with a scenario
Ask how they'd raise the security posture in their first six months.

5. Reference impact
Confirm they measurably improved security and compliance.

Frequently asked questions

How much does it cost to hire an Information Security Manager?

Fees typically run 20-25% of first-year salary, capped and agreed upfront.

Nothing is due until your hire starts.

How long does it take to hire an Information Security Manager?

Around 6-10 weeks.

It's a senior, in-demand role, so a targeted search and a competitive offer matter.

What does an Information Security Manager do?

An Information Security Manager owns the organisation's security strategy, risk management, policy and compliance, and often leads the security team.

They set the direction, manage risk and drive a security culture across the business.

What's the difference between a security manager and analyst?

An analyst is hands-on with monitoring and response. A manager owns strategy, governance, compliance and the team.

They complement each other, and we'll help you scope which you need.

What should I ask an Information Security Manager at interview?

Try: How would you raise our security posture in six months?
Tell me about a compliance programme you built.
How do you get non-technical leaders to care about security? and How do you handle a serious incident?

Do you recruit for specific standards like ISO 27001?

Yes. Where you need experience with ISO 27001, Cyber Essentials or sector-specific regulations, we match it.

We'll weight relevant compliance experience against broader security leadership as your role requires.

External citations

Ready to hire your next Information Security Manager?

Tell us about your role and a specialist IT recruiter will call you. No fee until your hire starts.