Information Security Manager
Nido Living
- Location: Madrid
- Posted: Oct 26, 2025
At Nido, we create more than just student accommodation; we build vibrant communities where students can thrive. As a fast-growing student housing provider in Europe, we put people and the planet first, delivering exceptional spaces, conscious communities, and unparalleled experiences.
We are on an ambitious journey to become Europe's leading provider of Purpose-Built Student Accommodation (PBSA). With a strong portfolio of over 12,000 beds across 32 properties in the Iberian Peninsula and active expansion into key markets including Germany and Italy, we are laying the foundations for long-term, pan-European growth.
As part of this growth, we are seeking an experienced Information Security Manager to lead the design, implementation, integration and continuous improvement of our information security strategy. This role is critical to ensuring the protection of sensitive data, regulatory compliance, and business continuity in a complex, multi-country digital environment. The Information Security Manager will oversee cybersecurity governance across all entities, coordinate risk assessments, define and enforce internal security policies and procedures, and act as the primary point of contact for all data protection and information security matters across the business.
KEY TASKS & RESPONSIBILITIES
- Develop and deliver a multi-year cybersecurity roadmap aligned with business growth.
- Lead cybersecurity integration efforts, ensuring consistent security standards, governance, and controls.
- Harmonize data protection and privacy practices across jurisdictions (e.g., GDPR, UK Data Protection Act) to ensure unified compliance.
- Establish and maintain the Information Security Management System (ISMS) in line with ISO 27001, NIST, and GDPR.
- Conduct risk assessments and manage mitigation plans across both entities, maintaining unified security policies and procedures.
- Oversee security operations across all systems, ensuring consistent monitoring and response capabilities.
- Lead incident response and business continuity, coordinating cross-entity response processes and communication.
- Manage vendor and third-party security risks, ensuring consistent due diligence and contract standards across both organizations.
- Integrate cybersecurity into enterprise risk management, reporting key risks and progress to executive management and the board.
- Ensure compliance with EU, UK, and local cybersecurity regulations (e.g., NIS2, ENS, UK NCSC guidance).
- Conduct vulnerability management, penetration testing, and threat monitoring to proactively identify and address risks.
- Collaborate with IT and business teams to ensure secure systems, networks, and applications across both entities.
- Promote a unified security culture, delivering awareness and training programs across all regions.
- Stay current with emerging threats, technologies, and regulatory changes relevant to both UK and EU operations.
QUALIFICATIONS & EXPERIENCE
- Bachelor's degree in Computer Science, IT, Cybersecurity, or a related field.
- 5+ years of experience in information security, with proven success implementing and maintaining ISMS and compliance programs (e.g., ISO 27001, GDPR).
- Strong knowledge of security frameworks and regulations (ISO 27001, NIST, NIS2, ENS, UK NCSC).
- Experience in multi-country or multi-site operations, ideally within real estate, hospitality, or student housing.
- Expertise in cybersecurity and technology infrastructure, including networks, systems, and cloud.
- Proven ability in incident response, business continuity, and risk management across multiple jurisdictions.
- Experience managing MSSPs and external security providers across different geographies.
- Strong leadership, communication, and stakeholder management skills, with the ability to align diverse teams and cultures.
- Change management experience in integrating cybersecurity programs during mergers or organizational transitions.
- Certifications such as CISM, CISSP, ISO 27001 Lead Implementer, or DPO preferred; others (CISA, CRISC, CCSP, ISO 22301) are an asset.
- Fluent in English; Spanish, German, and/or Italian are strong advantages.
KEY PERSONAL SKILLS & TRAITS
- Integrity: Commitment to upholding ethical standards, honesty, and integrity in managing sensitive information and ensuring compliance with security and data protection regulations, fostering a culture of transparency and accountability.
- Analytical Thinking: Proficiency in analysing complex security risks, threats, and vulnerabilities, and interpreting technical findings to support strategic decision-making.
- Problem-Solving: Capacity to identify security issues, assess alternative solutions, and implement effective remediation strategies to address threats, incidents, and control gaps.
- Resilience: Ability to remain composed and focused under pressure, demonstrating resilience in managing security incidents, regulatory audits, and multiple projects simultaneously under tight deadlines.
- Collaboration and Communication: Excellent communication skills with the ability to explain technical security matters clearly to both technical and non-technical stakeholders, and to collaborate effectively with IT, legal, compliance, and business teams across multiple locations.
- Personality: Proactive, self-motivated, and results-oriented, with a strong sense of ownership and accountability in driving security initiatives.
Seniority level
- Mid-Senior level
Employment type
- Full-time
Job function
- Information Technology