Information Security Officer

The Information Security Officer will lead the organisation's cybersecurity strategy and operations, protecting digital assets, data, and infrastructure. This position combines strategic security planning with hands-on implementation of security controls, threat monitoring, and incident response. The role ensures compliance with data protection regulations whilst maintaining robust protection against cyber threats.

Key Responsibilities

• Security Strategy Development - Create and maintain comprehensive information security policies, standards, and procedures aligned with industry frameworks (Cyber Essentials, ISO 27001).
• Risk Management - Conduct regular security risk assessments, vulnerability analyses, and maintain the information security management system (ISMS).
• Threat Detection & Monitoring - Implement and monitor SIEM systems, develop threat intelligence capabilities and threat hunting programmes.
• Incident Response Leadership - Lead response activities for security breaches, conduct forensic analysis, and coordinate with external agencies when required.
• Infrastructure Security - Oversee firewalls, intrusion detection systems, endpoint protection, and identity/access management systems.
• Cloud & Network Security - Ensure secure configuration of cloud services, hybrid environments, and implement encryption standards.
• DevSecOps Integration - Coordinate with DevOps teams to implement secure CI/CD pipelines and development practices.
• Disaster Recovery Planning - Develop and maintain DR/business continuity plans, conduct testing, and manage backup strategies.
• GDPR & Data Protection Compliance - Ensure compliance with GDPR, UK Data Protection Act, conduct Privacy Impact Assessments.
• Third-Party Risk Management - Conduct security due diligence for vendors, manage risk assessments and vendor monitoring.
• Physical Security Coordination - Monitor CCTV systems, coordinate access control, and manage visitor/contractor procedures.
• Security Training & Awareness - Deliver cybersecurity training, conduct phishing simulations, and create security documentation.
• Business Development Support - Provide security expertise for tenders, respond to client security questions, and support pre-sales.
• Budget & Performance Management - Manage security budgets, develop KPIs, and provide cost-benefit analyses for investments.
• Stakeholder Reporting - Prepare security reports for senior management, present to board committees, and manage vendor relationships.

Qualifications and Experience

• Minimum 5 years' experience in cybersecurity, information security, or related field.
• Professional security certification (CISSP, CISM, CISA, or equivalent).
• Understanding of network security, firewalls, and intrusion detection systems.
• Experience with security monitoring tools, SIEM platforms, and incident response.
• Knowledge of cloud security (AWS, Azure, or Google Cloud).
• Understanding of data protection regulations (GDPR, UK DPA 2018).
• Demonstrated experience in security risk assessment and management.

Key Skills and Competencies

Technical Skills

• Proficiency with security tools (firewalls, SIEM, IDS/IPS, endpoint protection).
• Understanding of operating systems security (Windows, Linux, macOS).
• Knowledge of network protocols, encryption, and PKI.
• Experience with cloud security controls and configurations.
• Database security and application security principles.
• Risk assessment and threat modelling methodologies.

Analytical and Communication Skills

• Strong problem-solving and analytical thinking abilities.
• Attention to detail and ability to identify security weaknesses.
• Capability to analyse complex security incidents and data.
• Excellent communication skills for technical and non-technical audiences.
• Ability to present to senior management and board-level stakeholders.
• Project management and vendor relationship management experience.

Don't tick every box? No problem – if you believe your skills and experience would make you a valuable addition to our team, we'd still love to hear from you.

Seniority level

• Seniority levelExecutive

Employment type

• Employment typeFull-time

Job function

• Job functionInformation Technology

Referrals increase your chances of interviewing at Trace Solutions Ltd by 2x

Get notified about new Information Security Officer jobs in Farringdon, England, United Kingdom.

Exeter, England, United Kingdom 1 week ago

East Devon, England, United Kingdom 1 day ago

High Performance Computing (HPC) Systems Administrator

Beer, England, United Kingdom 5 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr