Information Security Officer

At Westcoast, we take pride in distributing some of the most renowned global IT brands to resellers, retailers, and organizations across the UK and beyond. As an innovative and inclusive company, we thrive on teamwork and the diverse talents of our people. We invite you to turn your passion into a rewarding career with us!
The Job Role
Reporting to the Director of Cyber Security, you will work on security consultancy and risk activities with external and internal stakeholders, continually improving the risk posture and compliance. Additionally, you will support a security transformation program, playing an essential role in delivering initiatives. We are looking for someone who can shape change and has experience in GRC and project consultancy. Our ideal candidate will have a focus on improvement, a passion for security and strong technical skills. Experience in managing ISMS frameworks to ISO27001 and Cyber Essentials Plus standards is key to the role.
As an experienced security consultant, you will lead on the security engagements, ensuring security risks and vulnerabilities are identified and remediated, and ensure continued security through audit and testing of deployed systems. You will be the subject matter expert on security controls in your realm of authority, authorizing changes as required. This will include maintaining the Information Security Management System policies and procedures.
Using the security tooling and reporting, you will provide management reporting and meaningful metrics, working towards KPIs linked to the organization's security improvement plan (SIP) and objectives. The role holds the responsibility for delivery of parts of the SIP as it applies to security compliance and consultancy functions. Lastly, the role will develop capabilities in line with continuous improvement and the threat landscape.
Regular travel to UK based offices is required in this role. You must be able to achieve Westcoast security vetting.
Your Day-to-Day Responsibilities Will Include
  • Security assessment and management of Westcoast hosted and cloud infrastructure, networks, endpoints, applications and data against threat models, including developing testing and remediation plans with tracking.
  • Working with system owners to drive the implementation of identity good practice and in particular single sign on and federated services
  • Working with the Technical Design Board on developing security architecture and patterns.
  • Stewardship of information security risks working with the Business Assurance team on reporting. Focusing on crown jewel systems ensuring risk posture and cyber resiliency needs.
  • Ensuring technical risks from Data Protection Impact Assessments are managed
  • Ensure policy exceptions and risks are recorded and managed on risk registers.
  • Maintenance and audit of Information Security Management System Policies and Procedures
  • Operating a vendor risk management program including surveillance of critical suppliers. This is to also include External Attack Surface reduction activities
  • Creation and maintenance of a security awareness program
  • Security Reporting providing management reporting and real time dashboards, to provide the security team business and management assurance of the compliance of projects and IT security controls.
  • Execution of the Security Improvement Plan as it applies to security operations and engineering activities.
  • Where requested on contracts - Provide end to end assurance of compliance with existing Information Security policies and standards (attend meetings with customers etc.).
Is this the role for you?
Skills
To be successful in this role you will have some of the following skills and experience and the desire to develop in other areas:
  • Minimum of 3 years' experience in a relevant full time security position
  • A security professional qualification such as CISSP, CISM, CCSP, CISA, ISO27001 Lead Implementor/Auditor, CEH or equivalent
  • Or an equivalent recognized Information Security discipline Degree: NCSC-certified degrees - NCSC.GOV.UK
  • Previous experience and knowledge of security frameworks i.e. ISO27001, NIST, CIS Controls and PCI-DSS compliance
  • An understanding of HMG security standards (e.g. Security Policy Framework, Cyber Essentials Plus, Cloud security principles etc.).
  • Experience of managing security incidents and investigations including APT threat actors
  • Experience of working with enterprise level IT and network teams, systems and processes
  • Experience of security products, e.g., firewalls, web filtering, anti-virus etc.
  • Some knowledge of specialized security tools would be highly desirable (e.g. Palo Alto, Tenable, Defender, Sentinel tools).
  • Cloud Computing experience from multiple vendors (O365, Azure, AWS, Google, etc.)
  • Able to prioritise risks and understand technical resolution in order to estimate time required to fix
  • Works through and supervises tasks accurately, thoroughly and methodically
  • Inquisitive by nature, committed to on-going personal development and increasing security knowledge and capability
What's in It for You?
This is a fantastic opportunity to immerse yourself in the IT industry, build lasting relationships, and grow with a Sunday Times Top Track 100 company.
  • Growth Opportunities: We offer training and development opportunities to help you reach your full potential. Whether it's funded apprenticeships, work-based studies, or professional qualifications, we've got you covered.
  • Generous Benefits Package: Enjoy 25 days of holiday, employee referral bonuses, perks and discounts. (Theale only – New fully equipped gym available 24/7).
  • Wellbeing Support: Access to Westcoast Wellbeing services including mental health counselling, virtual GP services, physiotherapy, life insurance, eye care schemes, and more.
  • Community & Connection: Our teams enjoy social and charitable events throughout the year, fostering a strong sense of belonging.
What's Next?
If you're ready to join a company that values its people and rewards success, click apply to start the quick application process (5-6 mins).
Please note: Due to the high volume of applications, we may not be able to provide individual feedback for every candidate. If you don't hear from us within 14 working days, we've moved forward with other applicants for this role, but we encourage you to explore future opportunities with us.

Job Details

Company
Westcoast Limited
Location
England, UK
Employment Type
Full-time
Posted