Head of Information Security
3-6 Months
Remote
£600-£800pd
THE ROLE
As the Head of Information Security, you will play a crucial role in protecting the company's information assets and ensuring compliance with industry regulations. Your primary objective will be to develop, implement, and manage the company's information security program, including policies, procedures, and controls designed to protect digital files and vital electronic infrastructure. This role involves strategic leadership, risk management, and the implementation of advanced security measures.
Key Responsibilities:
Strategic Leadership:
Develop and implement a comprehensive information security strategy aligned with business goals.
Lead and manage a team of information security professionals.
Risk Management:
Identify, assess, and mitigate information security risks.
Conduct regular security risk assessments and audits.
Policy and Compliance:
Establish and enforce information security policies and procedures.
Ensure compliance with relevant legal and regulatory requirements (e.g., GDPR, ISO 27001).
Incident Response:
Develop and maintain an incident response plan.
Lead the response to information security incidents, including investigation and remediation.
Security Operations:
Oversee the deployment, integration, and initial configuration of all new security solutions.
Monitor security infrastructure and respond to security breaches.
Training and Awareness:
Implement security training programs for employees.
Promote security awareness across the organisation.
KEY SKILLS AND REQUIREMENTS:
Proven experience in a senior information security role, preferably within the retail sector.
Strong knowledge of information security management frameworks (e.g., ISO/IEC 27001, NIST).
Experience with risk management and compliance in a highly regulated environment.
Expertise in developing and implementing security policies and procedures.
Proficient in incident response and crisis management.
Strong leadership skills with the ability to manage and mentor a team.
Excellent communication skills, with the ability to relay complex security issues to non-technical stakeholders.
Relevant certifications such as CISSP, CISM, or CISA are highly desirable.