Information Security Officer
Information Security Officer Overview We are seeking an experienced Information Security Officer to play a pivotal role in managing and enhancing our clients security posture. The successful candidate will be responsible for overseeing information security risks, leading security operations and governance, and maintaining our ISO27001 and Cyber Essentials Plus certifications.Working closely with the IT leadership team, this role will ensure the right security controls are embedded into the systems designed, build and operate. Also acting as a company-wide champion for information security—supporting teams, raising awareness, and ensuring compliance with legal, regulatory and contractual obligations.Role & Responsibilities
- Manage and maintain the Information Security Management System (ISMS) aligned to ISO27001.
- Oversee external certification processes and manage external audit programmes.
- Deliver the internal information security audit programme.
- Own monthly and quarterly information security governance forums.
- Define and continuously evolve the organisation’s information security strategy.
- Act as security architecture SME to support system development and change initiatives.
- Advise operational teams on the implementation and improvement of security controls.
- Develop and deliver a company-wide information security training and awareness programme.
- Serve as the Primary Incident Response Manager for information security incidents.
- Manage and review information security risks across the organisation.
- Lead information security improvement initiatives.
- Oversee supply chain information security risks and vendor assessments.
- Strong experience in policy and standards development.
- Cyber incident response expertise.
- Security architecture knowledge.
- In-depth understanding of ISO27001 controls.
- Experience with Cyber Essentials Plus certification.
- Strong risk management capability.
- Proven ability to communicate with and influence senior stakeholders.
- Audit process management.
- Supplier risk reviews.
- Degree-level education preferred but not essential.
- Minimum 5 years' experience in an information security role.
- CISSP (or equivalent) required.
- C|CISO certification desirable.