Senior Information Security Administrator

My client is hiring an Information Security Lead to help shape and implement its cybersecurity operations, governance, and risk framework. Reporting to the IT Operations & Security Manager, this role is critical in maintaining the organisation's security posture, ensuring compliance, and supporting ongoing IT service resilience.

Key Responsibilities

• Oversee third-party security tools and services (e.g. firewalls, IDS/IPS, endpoint protection) and monitor vendor SLA adherence.
• Conduct risk assessments, maintain the security risk register, and manage remediation activities.
• Lead incident response processes including detection, containment, investigation, and resolution.
• Develop, implement, and maintain information security policies, procedures, and standards.
• Ensure compliance with ISO 27001, NIS2, and other regulatory requirements; manage documentation and audits.
• Coordinate change, risk, and incident management activities across IT security functions.
• Support secure design and delivery of IT projects and solutions.
• Manage internal security testing schedules and ensure timely execution and review.
• Deliver cybersecurity awareness initiatives, training sessions, and effectiveness reporting.
• Collaborate with vendors and contribute to security procurement and tendering processes.
• Monitor emerging threats and recommend improvements to maintain a strong security posture.
• Contribute to the development of long-term IT security strategy and continuous improvement efforts.

Qualifications and Experience

• Degree in Computer Science, Information Security, or a related field.
• Minimum 5 years' experience in IT security roles, ideally within regulated or public sector environments.
• Solid knowledge of ISO 27001 and related frameworks; experience with certified environments.
• Strong understanding of risk, incident, and change management.
• Familiarity with security technologies such as SIEM, MFA, encryption, and vulnerability management.
• Ability to communicate technical issues clearly to non-technical stakeholders.

Preferred

• Certifications such as CISSP, CISM, or ISO 27001 Lead Implementer.
• Project management qualifications (Agile, PMP, or Prince2).
• Understanding of public sector IT governance and regulatory requirements.
• Knowledge of current threat landscapes, business continuity, and cyber resilience practices.

GCS is acting as an Employment Agency in relation to this vacancy.