Information Security Officer

Information Security Officer
This is an exciting opportunity for an experienced Information Security professional to join as our Information Security Officer (ISO). The role holder will be responsible for driving our compliance and assurance capabilities that range from our internal data protection and Information Security requirements and those driven through our independent certification to industry frameworks (such as ISO 27001 etc), to our customer specified security requirements. The role holder will be responsible for driving our compliance capabilities and our assurance internally and with our supply chain. Supporting the maintenance of our suite of security policies, standards, processes, procedures and guidance will be integral to the role.
Key Responsibilities

• Provide advice and guidance concerning data protection and Information Security
• Develop and deliver training and awareness materials and communications concerning data protection and Information Security
• Support the completion, review and maintenance of Data Protection Impact Assessments
• Support Information Security Risk Assessments and associated Risk Treatment activities
• Engage with customers and other external bodies
• Conduct maturity assessments of security capabilities and controls
• Develop plans to implement, develop and enforce security requirements
• Develop and maintain assurance function and capabilities incorporating risk management
• Support the maintenance of security policies, standards, processes, procedures and guidance
• Lead customer engagements and internal workshops
• Provide advice and guidance as our authority and SME on GRC related matters
• Conduct Internal Audits
• Engage, support, and facilitate any compliance and external audit requirements
• Support business development initiatives
• Participate in security investigations as needed

What you\'ll need to succeed

• At least 3 years previous experience in a data protection / GRC / Information Security assurance role
• A relevant professional certification such as: CISM, CRISC, CISA etc.
• A good understanding of the UK-GDPR, DPA'18, ISO 27001 and associated security controls (technical, procedural, personnel and physical)
• Excellent communication skills, both written and verbal
• Excellent analytical and problem-solving skills
• An effective decision maker, who utilises evidence, available data and personal knowledge to provide clear, accurate and professional decisions
• Ability to prioritise workload and work well under pressure to meet deadlines and manage business expectations
• Effective influencing and negotiation skills
• Understanding and experience of business and technical Information Security concepts including risk management, defence in depth, and accreditation demands
• Practical experience of ISO 27001 and Cyber Essentials.

Demonstratable commitment to ongoing professional development.
What you\'ll get in return
Hybrid Work - Warrington (3 days on-site per week).
Salary of up to £45000 per annum.
Benefit list on request.
If you\'re interested in this role, click \'apply now\' to forward an up-to-date copy of your CV, or call us now.
If this job isn\'t quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk