Information Security Officer

Information Security Officer required by a rapidly expanding, software house based in Cardiff. This is a hybrid role with 1-2 days a week onsite with flexibility.

The Information Security Officer will be integral to protecting our client’s information assets. The successful candidate will require a combination of technical expertise, strategic thinking, and effective communication to successfully safeguard against ever-evolving cyber threats.

Main Responsibilities:

• Create and implement policies and procedures to protect sensitive information.
• Ensure compliance with legal and regulatory requirements.
• Identify and assess security risks to the organisation’s information assets.
• Develop and implement strategies to mitigate these risks.
• Educate employees about security policies and best practices.
• Conduct regular training sessions to keep staff informed about new threats and security measures.
• Develop and manage incident response plans to handle security breaches.
• Coordinate with IT and other departments to respond to and recover from security incidents.
• Monitor networks and systems for security breaches.
• Analyse security logs and reports to identify potential threats and vulnerabilities.
• Work with other executives and stakeholders to ensure security measures align with business objectives.
• Communicate security issues and recommendations to senior management and the board of directors.
• Stay updated with the latest security trends, technologies, and regulatory requirements.
• Continuously improve the organization's security posture through research and adopting new solutions.

• Strong understanding of IT infrastructure, network security, and cybersecurity principles.
• Familiarity with various security frameworks and standards such as ISO 27001, NIST, and CIS.
• Ability to analyse complex information and identify key security risks.
• Strong problem-solving skills to address and mitigate security threats.
• Excellent written and verbal communication skills to effectively convey security information to non-technical stakeholders.
• Ability to present complex security concepts in a clear and concise manner.
• Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CEH (Certified Ethical Hacker) are often preferred or required.
• A relevant bachelor's or master's degree in information technology, computer science, cybersecurity, or a related field (Desirable)

This fantastic role comes with a competitive basic salary and is accompanied with a 10-15% annual bonus, 25 days paid holiday, a flexible pension scheme, flexible working opportunities, childcare vouchers, 6 months maternity leave, continued investment in your career, Bike to Work, discounts and many more.