
Information Security Officer

In Technology Group Limited
Posted a day ago, valid for 15 days
Location

Birmingham, West Midlands B27 6QS, England

Salary

£60,000 - £72,000 per annum

Contract type

Full Time

Retirement Plan

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

  • The position is for an Information Security Officer with a salary range of £45,000 to £55,000 located in Birmingham.
  • The ideal candidate should have a minimum of 3 years of experience in an information security role and a strong understanding of ISO27001 management systems.
  • Key responsibilities include maintaining the Information Security Management System (ISMS), conducting security audits, and implementing security policies to ensure compliance with industry standards.
  • The role requires strong communication skills to present security risks to senior management and a passion for enhancing security awareness across the organization.
  • Colleague benefits include 25 days of paid leave, a contributory pension scheme, and opportunities for personal development and training.
Job Title: Information Security Officer
Salary: £45,000 to £55,000
Location: Birmingham

Overview:

Our client, a provider of IT Managed Services and IT infrastructure solutions, is looking for an experienced Information Security Officer to join their team. With clients across the UK, Europe, and APAC, including private corporations and government organizations, the company operates a security-first culture, which is crucial to its success. Their IT solutions focus on Dell products, Cisco networking, Citrix, Microsoft, and their in-house cloud platform.

In this role, you will maintain, improve, and operate the Information Security Management System (ISMS) while helping to strengthen the company's security-first approach. You'll work closely with the Director of Security to implement security policies, provide user training, raise security awareness, and manage auditing processes.

Key Responsibilities:
  • Maintain the ISMS & ISO27001 Certification: Ensure the organisation meets industry standards and regulations, including ISO27001 and Cyber Essentials Plus.
  • Conduct Security Audits: Oversee internal audits, ensuring compliance across all departments and with partners.
  • Risk Management: Identify, assess, and manage security risks, developing strategies for risk mitigation and managing risk throughout its lifecycle.
  • Security Policy Implementation: Create, update, and manage security policies, ensuring they align with the latest industry standards and regulatory requirements.
  • Compliance Management: Keep up to date with evolving laws and regulations (GDPR, ISO27001, Cyber Essentials) and ensure organisational compliance.
  • Security Awareness & Training: Develop training initiatives and promote company-wide security awareness, helping employees stay informed about security risks and best practices.
  • Support Security Operations: Assist teams in improving customer security capabilities and managing compliance audits.
  • Continuous Improvement: Proactively drive improvements in the company's security framework and reduce security incidents through a forward-looking risk management process.
What Success Looks Like:
  • Maintaining ISO27001 and Cyber Essentials Plus certifications
  • Expanding the ISO27001 scope to cover data centres, cloud services, and other growing areas of the business
  • Proactively identifying and mitigating security risks
  • Enhancing security awareness across the company
  • Continuous improvement in security processes and a reduction in security incidents
Skills & Experience:

Essential:

  • Experience managing and maintaining an ISO27001 information management system
  • A minimum of 3 years in an information security role
  • Strong understanding of information security risks and experience presenting to senior management
  • Expertise in the Cyber Security industry and strong communication skills to simplify complex risk issues
  • Passionate about information security

Desirable:

  • ISO27001 Lead Auditor or Implementer qualification
  • Certifications: CISSP, CISM, CRISC, ISSMP, NIST, or similar
  • Experience managing Cyber Essentials and Cyber Essentials Plus certifications
  • Demonstrable commitment to personal and professional development
Colleague Benefits:
  • 25 days paid leave + Bank Holidays
  • Contributory Pension Scheme (up to 7% with length of service)
  • Tailored personal development plans
  • Fully or partially funded training
  • Free parking (if office-based)
  • Laptop and company mobile phone

If you're a skilled security professional with a passion for driving forward a security-first culture, we'd love to hear from you. Apply now by submitting your CV and any other relevant information.

In Technology Group Ltd is acting as an Employment Agency in relation to this vacancy.
