Information security is, as called – about information, while IT is about technology. If you take a look at ISO 27001 – Requirements for information security management, you will see that all security measures should be deployed in order to secure information. Some of them are technical, but some are not.
However, in todays world most information is stored in IT systems and therefore most of the measures are technical.
You can consider IT security as all security measures aimed to ensure confidentiality, integrity and availbility of information in IT systems, while information secuirty is also about securing information outside IT systems (paper, brain…).