Information Security Officer

  • Location: London, England
  • Sector: Cyber Security & IT Risk

  • Contact: Andrew Nitek

Hugely exciting opportunity to join a well-established, central London-based end user in a greenfield role. The successful candidate will play a key role in defining the organisation's information security posture, from both a strategic and a technical perspective.

On a day-to-day basis the role will involve:

  • Oversee, evaluate and support the documentation, validation and assessment of Information Security Management System (ISMS) processes necessary to assure that existing and new information and information processing systems meet the organisation's cybersecurity and risk requirements
  • Ensure that the appropriate treatment of risk, compliance and assurance is followed from both internal and external perspectives
  • Conduct comprehensive assessments of the management, operational and technical security controls and control enhancements deployed within, or inherited by, information and information processing systems, advising and assisting the Infrastructure Services team to prioritise corrective actions
  • Manage the agenda of the Information Security Steering Committee (a new function)
  • Manage the internal audit plan leading to Cyber Essentials Plus certification, with a view to a future ISO 27001 certification
  • Lead, coordinate, communicate, integrate and be accountable for the overall success of the risk management programme, ensuring alignment with agency or enterprise priorities
  • Work with stakeholders when required to ensure compliance with GDPR requirements, and provide IT information and assistance as necessary
  • Monitor compliance with security policies, standards, guidelines and procedures
  • Review risk assessments, analyse the effectiveness of information security control activities, and report on them with actionable recommendations
  • Assess threats and vulnerabilities regarding information assets and recommend the appropriate information security controls and measures
  • Coordinate the development of information security disaster recovery test plans, testing and documentation for each application
  • Lead and respond to security incidents and investigations, and target reviews of suspect areas
  • Produce regular (monthly) reporting on cyber security events to highlight trends and the effectiveness of the threat prevention in place
  • Lead and review application security risk assessments for new or updated internal or third-party applications

The requirements:

  • Knowledge of the NIST family of standards
  • Knowledge of the applicable business processes and operations of customer organisations
  • Knowledge of the specific operational impacts of cybersecurity lapses
  • Practical experience of applying ISO 27001 controls in an operational environment
  • Formal education or qualifications in Information Security preferred (e.g. CISSP)
  • Able to maintain awareness of the cyber security marketplace and of improvements in technology, so that stakeholders can take advantage of them
  • Broad understanding of, hands-on experience in, and evidence of working in the IT industry and within the IT security compliance and governance agenda
  • Good infrastructure framework experience, e.g. Hyper-V, client and server operating systems, applications, desktop and server virtualisation, storage, networking, software and hardware upgrades, databases, systems management
  • Working successfully with colleagues and third parties to evangelise good cyber defence practices
  • Significant experience in developing, documenting, planning and implementing information security architectures and roadmaps, and in ensuring effective compliance by all staff
  • Providing professional consultancy, advice and designs for new requirements, impact assessments and technical queries in a cyber security setting
  • Experience in writing and presenting reports for a variety of purposes and audiences
  • Demonstrable knowledge and previous work experience of managing cyber and risk processes (e.g. methods for assessing and mitigating risk)
  • Demonstrable knowledge and previous work experience of the Cyber Essentials Plus framework and the ISO 27000 family of standards
  • Knowledge of laws, regulations, policies and ethics as they relate to cybersecurity and privacy
  • Proficiency in developing and applying ISO 27001 standards in an operational infrastructure environment
  • Ability to communicate complex information, concepts or ideas in a confident and well-organised manner using 'plain' non-technical language