Competitive
London, England
Permanent, Variable

Information Security Officer

Posted by VIQU Limited.

Role - Information Security Officer

Location - SE London

Type - Permanent

Structure - Hybrid

Salary - Open to discussion

About the role and responsibilities for the Information Security Officer role:

A well-known brand in the automotive and sports car scene is looking for an Information Security Officer to join them permanently. You will be a key member of a small but growing Information Security Team and assist in the development, enhancement, and management of the organisation's information security Governance, Risk, and Compliance (GRC) function.

  • Lead in monitoring and managing compliance programs aligned to security frameworks and regulations such as ISO 27001, PCI DSS, GDPR. Where possible, recognising improvements and encouraging efficiencies and automation to controls, evidence gathering, and processes.
  • Support the definition and growth of Security Control Frameworks. Taking a proactive approach to designing, assessing, and maintaining effective security controls across our various business functions.
  • Provide expertise in risk management and the identification and assessment of security risks, ensuring they are appropriately reported on (through dashboards, reports, and workshops).
  • Create, review, and maintain security policies, standards, and procedures; ensuring they are applied across relevant technology projects, systems, and services.
  • Support in managing third party supplier security/compliance assessments, building relationships with key suppliers, and outlining steps for security improvements where appropriate.
  • Coordinate internal and external security audits/reviews through delivery, evidence gathering, and reporting.
  • Work with stakeholders to support the organisation's data governance and security strategy across data discovery, processing, storage, classification, retention, and disposal. Support the implementation and maintenance of security controls for the protection of data.
  • Define and monitor security GRC-related performance metrics, communicating and presenting updates to senior stakeholders.

Requirements:

  • Completed Degree.
  • Any form of security certifications (ISO 27001 LI/LA, CISM, CISSP).
  • Strong background implementing and managing security and regulatory frameworks including ISO 27001, PCI DSS, Cyber Essentials, GDPR/DPA.
  • A good understanding of IT infrastructure, architecture, and associated information security requirements.
  • Have experience in security control design and assurance to assess controls against policies, standards, and good practices.
  • Background in security governance of a large supply-chain including security audits/assessments, reporting, and defining and implementing improvement plans.
  • Experience in defining and implementing data governance projects within organisations, setting out plans and strategies for data discovery, classification, retention, and disposal.
  • Data Classification & Loss Prevention – tools/technologies, data discovery & classification, policies & procedures
  • Knowledge of security tools & technologies within a large & complex environment including anti-malware / EDR, SIEM, CASB, DLP, etc.
  • Experience in implementing security solutions across growing cloud environments and infrastructure.

This is an ideal role for a GRC Analyst who is looking to take a step up into the InfoSec Officer position and has a few years of experience with proficiency in implementing ISO 27001 frameworks.