Head of Information Security (Hiring Immediately)

Head of Information Security required for an online retail business. The role will initially focus on ISO27001 & ISO9001 recertifications.

1. Lead information security strategy and implement security roadmaps.
2. Develop and track security KPIs.
3. Advise senior management on risk levels and emerging threats.
4. Create, maintain, and implement information security policies.
5. Ensure compliance with ISO 27001, ISO 9001, Cyber Essentials+, and GDPR through continuous validation.
6. Manage and improve the Information Security Management System.
7. Oversee security training and awareness programs.
8. Lead internal and external audits, tracking findings and mitigation efforts.
9. Identify and communicate emerging security threats.
10. Conduct security due diligence in procurement and oversee supplier assurance.
11. Manage security incidents and coordinate response processes.
12. Select and implement GRC controls and security technologies.
13. Identify security requirements throughout the system lifecycle.
14. Develop or enhance security procedures to mitigate threats.
15. Embed cybersecurity requirements into new projects.
16. Provide management and mentorship to security teams.
17. Create and lead the Security Operations Centre (SOC) with real-time monitoring and incident response.
18. Drive security awareness, governance, risk, and compliance initiatives.
19. Report to senior stakeholders on threats, compliance, and mitigation progress.
20. Conduct risk assessments, maintain risk registers, and develop risk treatment plans.
21. Oversee vulnerability management processes and prioritize remediation.
22. Lead ISO 27001 and ISO 9001 audits, ensuring regulatory compliance.
23. Support IT projects by managing controls and providing guidance.

Ideal candidates will have a proven track record of leading organizations through ISO27001 & ISO 9001 certifications, with ISO27001 lead implementer or auditor qualifications.