Information Security Officer

Cardiff | Full-Time | 50000 - 55000 £ / year (est.) | Home office (partial)

At a Glance

  • Tasks: Lead InfoSec initiatives, develop risk management processes, and enhance compliance frameworks.
  • Company: Join a local private sector organisation focused on improving IT security practices.
  • Benefits: Enjoy a competitive salary, hybrid work options, 28 days leave, and industry-leading training.
  • Why this job: Make a real impact in InfoSec while enjoying autonomy and a supportive work culture.
  • Qualifications: Experience in a similar role is essential; certifications like CRISC or CISA are a plus.
  • Other info: This role offers flexibility with on-site work in Cardiff, but cannot be fully remote.

The predicted salary is between 50000 - 55000 £ per year.

You will play a key role at a local private sector organisation, who are looking to recruit an Information Security Officer on a permanent basis. This role is crucial for ensuring IT operations align with regulatory standards and organisational goals. Key areas will include strategic planning, incident response and integrating compliance frameworks (e.g. GDPR, ISO 27001) to protect critical systems.

You will act as the Information Security SME on all things GRC and InfoSec. This role is crucial to the company's plans to improve and mature the InfoSec practices within the organisation, and they are looking for someone to come in with ideas and expertise on how to improve and protect their IT and InfoSec estate. You will be responsible for developing risk management processes, crisis plans and vendor oversight, whilst collaborating with stakeholders to implement security measures and enhance compliance. You will have a good level of autonomy and will be the owner of the GRC elements for the organisation.

  • Risk & Compliance: Develop IT risk frameworks, perform assessments, and ensure regulatory compliance.
  • Incident Response: Maintain an Incident Response Plan and coordinate rapid incident resolution (e.g., cybersecurity breaches, data loss).
  • Vendor Risk: Establish a Vendor Risk Management program to assess third-party compliance.
  • Security Leadership: Oversee security measures, incident responses, and network security enhancements, including Fortinet solutions.

You will need to have performed a similar role previously. This could be a good fit for someone who has worked in a larger organisation, who is looking to take ownership of InfoSec policies and procedures, or someone who’s currently leading in a similar role but would like a new challenge or environment.

Certifications such as CRISC, CISA, CISM, ISO 27001 Lead Auditor, or equivalent will be beneficial, but not essential. However, the experience of having performed a similar role will be essential. The role also calls for strong knowledge of regulatory requirements (e.g. GDPR, ISO 27001, Data Protection Act 2018), including Data Protection Impact Assessments (DPIAs), familiarity with frameworks such as Cyber Essentials or ISO 27005, and proficiency with MS 365, Intune, VMware and Fortinet technologies.

As well as strong autonomy and the support needed to make a difference in the role, you will get an annual salary of £50,000 - £55,000. The role will be on a hybrid basis, with it most likely being 3 days on site in Cardiff, but this could be flexible. However, it cannot be fully remote, nor can the company offer sponsorship.

  • 28 days annual leave + bank holidays
  • Industry-leading training
  • Employee Assistance Program: free 24/7 confidential helpline (domestic, financial, legal, health support etc.)
  • High street retail discount scheme

If you’re interested in this role, click 'apply now' to forward an up-to-date copy of your CV. If this job isn’t quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.

Information Security Officer employer: Hays

Join a dynamic local private sector organisation in Cardiff as an Information Security Officer, where you will have the opportunity to lead and innovate in the realm of information security. With a strong focus on employee growth, the company offers industry-leading training, a supportive work culture, and a generous benefits package including 28 days of annual leave and a comprehensive Employee Assistance Program. This hybrid role allows for flexibility while ensuring you play a pivotal part in enhancing the organisation's InfoSec practices and compliance frameworks.

Contact Detail:

Hays Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land the Information Security Officer role

✨Tip Number 1

Familiarise yourself with the specific compliance frameworks mentioned in the job description, such as GDPR and ISO 27001. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and readiness for the role.

✨Tip Number 2

Showcase your experience with incident response and risk management processes. Prepare examples of how you've successfully handled security incidents or developed risk frameworks in previous roles, as this will highlight your practical knowledge and problem-solving skills.

✨Tip Number 3

Network with professionals in the information security field, especially those who have experience in GRC roles. Engaging with industry groups or attending relevant events can provide insights and connections that may help you stand out during the application process.

✨Tip Number 4

Research the company’s current InfoSec practices and any recent news related to their security measures. This knowledge will allow you to tailor your discussions during interviews, showing that you're genuinely interested in contributing to their security goals.

We think you need these skills to ace the Information Security Officer role

Information Security Management
Governance, Risk and Compliance (GRC)
Incident Response Planning
Risk Assessment and Management
Vendor Risk Management
Regulatory Compliance (GDPR, ISO 27001)
Data Protection Impact Assessments (DPIAs)
Cybersecurity Frameworks (Cyber Essentials, ISO 27005)
Technical Proficiency in MS 365, Intune, VMware, Fortinet
Strong Communication Skills
Stakeholder Collaboration
Security Policy Development
Analytical Thinking
Problem-Solving Skills
Leadership and Autonomy

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in information security, particularly in GRC (Governance, Risk, and Compliance). Emphasise any previous roles where you developed risk management processes or incident response plans.

Craft a Strong Cover Letter: Write a cover letter that showcases your expertise in regulatory compliance frameworks like GDPR and ISO 27001. Mention specific examples of how you've improved InfoSec practices in past roles to demonstrate your capability.

Highlight Relevant Certifications: If you have certifications such as CRISC, CISA, or CISM, make sure to include them prominently in your application. Even if they are not essential, they can set you apart from other candidates.

Showcase Technical Proficiency: Mention your proficiency with technologies like MS 365, Intune, VMware, and Fortinet. Providing specific examples of how you've used these tools in your previous roles can strengthen your application.

How to prepare for a job interview at Hays

✨Showcase Your Expertise in GRC

Make sure to highlight your experience with Governance, Risk, and Compliance (GRC) frameworks during the interview. Be prepared to discuss specific examples of how you've developed risk management processes or integrated compliance frameworks like GDPR and ISO 27001 in your previous roles.

✨Demonstrate Incident Response Knowledge

Since incident response is a key part of the role, be ready to talk about your experience in maintaining an Incident Response Plan. Share any relevant incidents you've managed, detailing how you coordinated rapid resolutions and what lessons were learned.

✨Discuss Vendor Risk Management

The company is looking for someone to establish a Vendor Risk Management program. Prepare to discuss your approach to assessing third-party compliance and any frameworks you've used to ensure vendor security aligns with organisational standards.

✨Familiarise Yourself with Relevant Technologies

Brush up on your knowledge of technologies mentioned in the job description, such as MS 365, Intune, VMware, and Fortinet solutions. Being able to speak confidently about these tools will demonstrate your technical proficiency and readiness for the role.
