Role Profile – Information Security Officer

The ideal candidate will already be an experienced information security practitioner, with the knowledge required to drive forward a compliance-orientated and risk-focused security agenda in a complex, fast-paced environment.


  • Lead on the development of a Group-wide Information Security Management System, aligned with the requirements of ISO27001 and the ISF’s Standard of Good Practice.
  • Implement and maintain an information security policy framework (policy, standards and guidelines), reflective of statutory, regulatory and contractual security requirements.
  • Operate the policy exemption process and manage local variances in accordance with perceived levels of risk.
  • Deliver information security audits to assess the status of information security across the Group.
  • Track and maintain compliance reports and actions needed to achieve compliance against policies, applicable regulations and internal / external findings.
  • Implement and maintain the information risk management framework including risk assessment methodology and templates.
  • Maintain the information risk register consisting of assets, threats and vulnerabilities, including likelihood and impact.
  • Support the delivery of information risk assessments across the Group.
  • Deliver the information security education and awareness programme aligned to PSL requirements and commercial best practice.
  • Create and distribute information security communications, including articles, alerts and hot topic information.
  • Coordinate the implementation of information security policies and procedures across the Group.
  • Liaise with the relevant parts of the administration, including Legal, Finance, Facilities and HR.


Knowledge, skills & experience

  • Experience of establishing and maintaining an Information Security Management System in a large, complex environment.
  • Proven track record of supporting the development of information security policies which are easily understood, effective and economical to implement.
  • Thorough understanding of security technologies and associated functionality.
  • Demonstrable experience in assessing and managing information security risk in a complex environment.
  • Demonstrable experience in delivering information security training and awareness activities to a diverse range of stakeholders.
  • Thorough understanding of the principles of end-to-end information security.
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • High level of personal integrity, as well as the ability to handle confidential matters, and show an appropriate level of judgment and maturity.
  • Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.
  • Graduate calibre with appropriate qualifications, such as CISA, CISM, CISSP.


The Person

The ideal candidate will be able to demonstrate the following qualities:

  • Educated to bachelor’s degree level or holds a relevant professional qualification or has a proven level of experience.
  • Aware of the application of automated systems to the support of specific business functions or processes.
  • Interacts with people, establishing relationships and maintaining contacts with people from a variety of backgrounds. Effective and sensitive communicator.
  • Exhibits knowledge of architectural principles for IT infrastructure (hardware, databases, operating systems, local area networks etc).
  • Uses discretion in identifying and resolving complex problems and assignments. Determines when issues should be escalated to a higher level.
  • Interacts with and influences department/project team members. Has working level contact with customers and suppliers. Makes decisions which may impact on the work assigned to individuals or phases of projects.
  • Performs a broad range of work, sometimes complex and non-routine, in a variety of environments. Applies methodical approach to problem definition and resolution.