Information Security Specialist

Information Security Specialist - £65-75K base + benefits DOE - Leatherhead (hybrid)**

We're looking for an experienced Information Security Specialist to join one of our clients based in Leatherhead on a permanent basis. You will help strengthen their governance, risk and compliance (GRC) capability and help to continually improve their ISO 27001 Information Security Management System (ISMS) taking them through to certification. You'll apply hands‑on expertise across both public and private sector programmes-particularly UK government and construction-so that people, data and projects remain secure, compliant and resilient.

Key responsibilities:

Own and implement our ISMS to achieve ISO 27001K accreditation: Develop, implement and maintain our ISO 27001‑aligned ISMS and attain certification; report on control effectiveness and drive continuous improvement.
Assess and reduce risk: Run regular security risk assessments and gap analyses to identify vulnerabilities in policies, procedures and configurations, and track remediation.
Set clear standards: Create and maintain security policies, procedures and controls tailored to construction and government‑related projects.
Be the go‑to partner: Act as the primary liaison to project teams, Built Asset Security Managers and Information Controllers-especially on UK government contracts.
Verify and assure: Lead audits and reviews to confirm conformance with Wates Professional Standards.
Raise capability: Deliver guidance and training on security best practice and supply‑chain compliance across teams and functions.
Secure our supply chain: Conduct supplier due‑diligence and security assessments, ensuring appropriate third‑party controls.
Keep risk visible: Provide monthly Key Risk Indicator (KRI) reporting to the IT Security Manager.Essential certifications & knowledge

ISO 27001 Lead Implementer or Lead Auditor (mandatory).
Strong GRC background with proven delivery of ISO 27001‑compliant ISMS.
Experience with UK government security requirements and procurement processes.
Understanding of construction‑industry security risks and regulation.
Broad knowledge of security frameworks and best practice.Qualifications

Bachelor's degree in computer science (or related discipline).
One of CISSP / CISM (preferred) / CISA (preferred).
Experience with Power BI is an advantage.Additional details:

This role requires the successful candidate to undergo and be eligible for UK Security Vetting at SC level. Clearance sponsorship will be provided where required. Due to the nature of the work, candidates should meet the relevant residency requirements. If applicable, reserved post nationality restrictions will be confirmed by the client. Damia is committed to inclusive recruitment and welcomes applicants from all backgrounds.

Due to the secure nature of the position and working environment, you must have, or be eligible to obtain Security Clearance.

Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website.

Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job.

Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003