Information Security Officer

KennedyPearce Consulting
HA1 1BE, United Kingdom
Yesterday
£35,000 – £40,000 pa

Salary

£35,000 – £40,000 pa

Job Type
Permanent
Work Pattern
Full-time
Work Location
Hybrid
Seniority
Mid
Education
Degree
Visa Sponsorship
Available
Posted
25 Jun 2026 (Yesterday)

Benefits

  • 25 days holiday
  • Pension scheme
  • Private healthcare
  • Flexible working
  • Remote allowance

Our client, a leading banking and financial services organisation, is seeking an Information Security Officer to support the ongoing development and management of its Information Security and Cyber Security framework.

The successful candidate will play a key role in cyber risk management, security governance, policy management, audit support, third-party risk assessment, and security operations. Working closely with internal stakeholders, offshore teams, and external service providers, this individual will help ensure the organisation maintains a strong security posture and complies with regulatory and internal security requirements.

Key Responsibilities

Information Security & Cyber Risk
  • Maintain and monitor information security risk registers, ensuring risks, vulnerabilities, and remediation activities are appropriately tracked.
  • Support the delivery of security and risk assessments for new and existing technologies, applications, infrastructure, and third-party suppliers.
  • Review, maintain, and update Information Security and Cyber Security policies, standards, and procedures.
  • Assist in ensuring security controls are implemented and operating effectively across the organisation.
  • Contribute to the continuous improvement of the organisation's cyber security maturity framework.
Security Governance & Compliance
  • Coordinate security assessments, including vulnerability assessments, penetration testing, ethical hacking exercises, and cyber security reviews.
  • Support internal audits, external audits, regulatory reviews, and security assurance activities.
  • Prepare risk assessment reports, management information, and Key Risk Indicator (KRI) dashboards for senior stakeholders.
  • Ensure compliance with relevant Information Security policies, regulatory requirements, and internal governance standards.
  • Support the coordination of security governance committees, including documentation and reporting.
Security Operations & Incident Management
  • Assist with the management and resolution of information security incidents, ensuring timely investigation, escalation, and closure.
  • Liaise with offshore security and technology teams regarding security matters and risk remediation activities.
  • Support ongoing monitoring of security controls and risk mitigation programmes.
Third-Party Risk Management
  • Review vendor security questionnaires, due diligence documentation, and security assessments.
  • Evaluate risks associated with third-party suppliers and outsourced services.
  • Work closely with internal procurement, technology, and business teams to ensure third-party security requirements are met.
Training & Stakeholder Engagement
  • Support the delivery of information security awareness and cyber security training programmes across the business.
  • Build effective relationships with business users, technology teams, offshore teams, and external service providers.
  • Provide guidance and support to stakeholders on information security best practices and risk management.
Skills & Experience

Essential
  • Experience within Information Security, Cyber Security, Technology Risk, or IT Risk Management.
  • Good understanding of cyber security principles, risk management, and security governance.
  • Knowledge of networking concepts, operating systems, and cloud-based technologies.
  • Experience supporting security audits, risk assessments, compliance activities, or security assurance programmes.
  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication skills.
  • Ability to communicate technical concepts to both technical and non-technical audiences.
  • Strong organisational skills with the ability to manage multiple priorities effectively.
Desirable
  • Experience within banking, financial services, or another regulated environment.
  • Familiarity with industry standards and frameworks such as ISO 27001, NIST, COBIT, or CIS Controls.
  • Exposure to vulnerability management, penetration testing, incident management, or third-party risk assessments.
  • Relevant security certifications such as Security+, ISO 27001, CISM, CRISC, CISSP, or equivalent.
Personal Attributes
  • Proactive and eager to learn.
  • Strong attention to detail and a methodical approach to problem-solving.
  • Able to work independently while collaborating effectively with wider teams.
  • Comfortable operating within a regulated and governance-driven environment.
  • Flexible and willing to support critical security activities when required.
What's on Offer

This is an excellent opportunity to join a well-established financial services organisation and gain broad exposure across cyber security, information security governance, risk management, compliance, and operational security within a highly regulated environment.
