Information Security Manager

The Football Association

The Football Association is the governing body of association football in England and the Crown Dependencies of Jersey, Guernsey and the Isle of Man.

19 Sep 2022
Full Time
Closing date: 29 Oct 2022

The Role and Key Accountabilities

Provide the focal point for all InfoSec elements, both with FA technology partners and internally to FA and County FA stakeholders.

  • Collaborate with the CISO service and the Head of Service Delivery to build an effective Info Sec roadmap that will increase the maturity of the FA's cyber security posture, through budget definition and implementation of fit for purpose Policies, Standards, Processes, and tools.
  • Assist in defining the vision and setting the strategy for IT Risk and Cyber Security at The FA that proactively keeps our customers and our staff safe.
  • Assist in delivering security behavioural change whilst communicating cyber security objectives across the organisation
  • Work with the technical design authority with responsibility for all Info Sec aspects across the FA project portfolio:
    • Design and build all Info Sec projects that deliver process or toolsets specific to the Info Sec roadmap
    • Ensure that all projects have defined security standards and are implemented as expected
    • Ensure that all software lifecycle management includes secure coding standards, security validation and testing
    • Validate that any third parties providing solutions or services to the FA meet a minimum set of defined security requirements
  • Ensure the effective governance for InfoSec activities across the FA, aligning all IT partners in the delivery of security controls.
    • Maintain all FA information security policies and standards, including regular reviews and updates
    • Manage an assurance framework to monitor compliance against FA information security policies and standards across the internal FA user base and managed service providers
    • Manage the operational effectiveness of any Info Sec service delivered via IT managed service providers
    • Ensure effective and best practice use of identity and access management and privileged access management tools
    • Manage plans for all BCP and DR with all FA and IT partner teams
  • Act as a security incident responder, assisting in the management and co-ordination of activities for any Info Sec incident, ensuring analysis and effective actions are taken.
  • Manage the planning and delivery of security testing activities, including the co-ordination of remediation tasks for vulnerability findings within the FA networks, applications, and any other related products.
  • Work with IT partners to provide an effective training and awareness program to all FA users
  • Ensure regular and documented meetings are held with the delivery partner to measure delivery performance and implement corrective actions where required
  • Attend the Change Advisory Board, and Architecture Review Board, to ensure all Info Sec requirements have been considered and are provided in any existing or new solutions
  • Execute additional tasks as required in order to meet FA Group changing priorities.
  • Comply with all company policies and procedures to ensure the highest standards of health, safety and wellbeing can be maintained.

What we are looking for


  • Experience in Information Security operations
  • A thorough understanding of best practice within Information Security and risk management.
  • Experience with managing third party service providers and business stakeholders
  • Experience of managing information security incidents
  • In depth knowledge of Info Sec marketplace and solutions
  • Good project and change management skills
  • Excellent knowledge and experience of using MS Office applications to fulfill reporting and analysis tasks
  • Good technology experience and strong info sec technical background in both traditional and cloud (Azure preference) environments
  • Experience with quality improvement processes to drive efficiency
  • Effective presentation skills (written and verbal)

The ideal candidate must hold at least one of the following qualifications:

  • CISM / CISMP / CISSP / ISO 27001 Lead Implementer / ISO 27001 Lead Auditor


  • Technology experience within Football or other sporting associations or a working knowledge of sports administration systems
  • Experience working in a matrix structure/multiple client groups

What we can offer you

  • An exciting and challenging role within a changing, dynamic and world-renowned sports organisation.
  • Attractive benefits and a competitive salary.

Please be aware that unless you are on a homebased contract, your contract with The FA will specify a fixed location of either Wembley Stadium, St. George's Park or our Processing Centre.

We currently work within a hybrid working model whereby the expectation is to work from your contractual location for part of the week, and as and when required by the team. The remaining days can be worked remotely. We will continue to monitor this model and it may be adjusted in future if deemed necessary.

How to Apply

To apply for this role, please click 'Apply Now' to begin the application

Applications close on 29th October 2022

The Football Association Group promotes inclusion and diversity, and welcomes applications from everyone. If you have any particular requirements in respect of the recruitment or interview process please mention this in your application.

Additional Information

Full Time
Job Type
Sports Technology
