Description
At Nido, we create more than just student accommodation; we build vibrant communities where students can thrive. As a fast-growing student housing provider in Europe, we put people and the planet first, delivering exceptional spaces, conscious communities and unparalleled experiences.
We are on an ambitious journey to become Europe's leading provider of Purpose-Built Student Accommodation (PBSA). With a strong portfolio of over 12,000 beds across 32 properties in the Iberian Peninsula and active expansion into key markets including Germany and Italy, we are laying the foundations for long-term pan-European growth.
As part of this growth, we are seeking an experienced Information Security Manager to lead the design, implementation, integration and continuous improvement of our information security strategy.
This role is critical to ensuring the protection of sensitive data, regulatory compliance and business continuity in a complex multi-country digital environment. The Information Security Manager will oversee cybersecurity governance across all entities, coordinate risk assessments, define and enforce internal security policies and procedures, and act as the primary point of contact for all data protection and information security matters across the business.
KEY TASKS & RESPONSIBILITIES (include but are not limited to)
- Develop and deliver a multi-year cybersecurity roadmap aligned with business growth.
- Lead cybersecurity integration efforts, ensuring consistent security standards, governance and controls.
- Harmonize data protection and privacy practices across jurisdictions (e.g. GDPR, UK Data Protection Act) to ensure unified compliance.
- Establish and maintain the Information Security Management System (ISMS) in line with ISO 27001, NIST and GDPR.
- Conduct risk assessments and manage mitigation plans across both entities, maintaining unified security policies and procedures.
- Oversee security operations across all systems, ensuring consistent monitoring and response capabilities.
- Lead incident response and business continuity, coordinating cross-entity response processes and communication.
- Manage vendor and third-party security risks, ensuring consistent due diligence and contract standards across both organizations.
- Integrate cybersecurity into enterprise risk management, reporting key risks and progress to executive management and the board.
- Ensure compliance with EU, UK and local cybersecurity regulations (e.g. NIS2, ENS, UK NCSC guidance).
- Conduct vulnerability management, penetration testing and threat monitoring to proactively identify and address risks.
- Collaborate with IT and business teams to ensure secure systems, networks and applications across both entities.
- Promote a unified security culture, delivering awareness and training programs across all regions.
- Stay current with emerging threats, technologies and regulatory changes relevant to both UK and EU operations.
Requirements
- Bachelor's degree in Computer Science, IT, Cybersecurity or a related field.
- 5 years of experience in information security with proven success implementing and maintaining ISMS and compliance programs (e.g. ISO 27001, GDPR).
- Strong knowledge of security frameworks and regulations (ISO 27001, NIST, NIS2, ENS, UK NCSC).
- Experience in multi-country or multi-site operations, ideally within real estate, hospitality or student housing.
- Expertise in cybersecurity and technology infrastructure, including networks, systems and cloud.
- Proven ability in incident response, business continuity and risk management across multiple jurisdictions.
- Experience managing MSSPs and external security providers across different geographies.
- Strong leadership, communication and stakeholder management skills, with the ability to align diverse teams and cultures.
- Change management experience in integrating cybersecurity programs during mergers or organizational transitions.
- Certifications such as CISM, CISSP, ISO 27001 Lead Implementer or DPO preferred; others (CISA, CRISC, CCSP, ISO 22301) are an asset.
- Fluent in English; Spanish, German and/or Italian are strong advantages.
KEY PERSONAL SKILLS & TRAITS
- Integrity: Commitment to upholding ethical standards, honesty and integrity in managing sensitive information and ensuring compliance with security and data protection regulations, fostering a culture of transparency and accountability.
- Analytical Thinking: Proficiency in analysing complex security risks, threats and vulnerabilities, and interpreting technical findings to support strategic decision-making.
- Problem-Solving: Capacity to identify security issues, assess alternative solutions and implement effective remediation strategies to address threats, incidents and control gaps.
- Resilience: Ability to remain composed and focused under pressure, demonstrating resilience in managing security incidents, regulatory audits and multiple projects simultaneously under tight deadlines.
- Collaboration and Communication: Excellent communication skills, with the ability to explain technical security matters clearly to both technical and non-technical stakeholders and to collaborate effectively with IT, legal, compliance and business teams across multiple locations.
- Personality: Proactive, self-motivated and results-oriented, with a strong sense of ownership and accountability in driving security initiatives.
Required Experience:
Manager