Head of Information Security

Head of Information Security required for an online retail business. The role will initially be focused on ISO27001 & ISO9001 recertifications.

Responsibilities

  • Lead on information security strategy and implementation of security roadmap
  • Develop security KPIs and track their progress
  • Advise senior management on risk levels and any changes impacting security posture, including emerging threats
  • Create, maintain, and implement information security policies
  • Continuously validate the firm against policies and procedures to ensure compliance against ISO 27001, ISO 9001, Cyber Essentials+, and GDPR
  • Manage and continuously improve the firm's Information Security Management System
  • Oversee the information security training and awareness program
  • Lead on internal and external audits and track audit findings through to mitigation
  • Identify and communicate emerging security threats with relevant stakeholders
  • Provide security due diligence in procurement processes and oversee continuous supplier assurance
  • Manage security incidents and coordinate incident response processes
  • Select and implement GRC controls and assist in the selection and implementation of information security technologies
  • Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle
  • Develop new, or enhance current, security procedures to reduce or eliminate potential threats
  • Ensure that cybersecurity requirements are embedded into new programs of work
  • Provide management and mentorship to security teams and supporting staff
  • Create and then lead the Security Operations Centre (SOC), ensuring real-time monitoring and incident response
  • Drive security awareness training and governance, risk, and compliance (GRC) initiatives
  • Create and present reports to senior stakeholders, highlighting threats, compliance gaps, and mitigation progress
  • Conduct risk assessments, maintain risk registers, and design risk treatment plans
  • Support oversight of vulnerability tooling and processes, assess risk, and prioritise remediation
  • Lead internal and external audits (ISO 27001 and ISO 9001) and ensure compliance with regulations (GDPR)
  • Support wider IT project requirements through management of defined gates, provision of guidance, and assessment of controls

As an ideal candidate, you will have a proven track record of bringing organisations through ISO27001 & ISO 9001 accreditations. ISO27001 lead implementer or auditor qualifications are essential.

Company
Barclay Simpson
Location
Reading, Berkshire, UK
Posted