Information Security Officer

Who are LRQA? LRQA stands for dedication to clients, market firsts, and deep expertise in risk management. We’ve grown to become a leading global assurance provider, bringing together outstanding expertise in certification, customised assurance, cybersecurity, inspection and training. While we’re proud of our heritage, it’s who we are today that really matters, because that’s what shapes who we and our clients can become tomorrow. By staying true to our shared values and combining decades of collective experience, we support our clients in building a safer and more sustainable future. LRQA currently operates across 50 countries, has more than 2,500 colleagues, generates £315m in revenue, and supports more than 60,000 clients across a diverse range of sectors and markets.

Role Purpose: An Information Security Officer (ISO) is required to support LRQA’s global operations, to develop, improve and maintain the organisation's Information Security capability. Working closely with the Global CISO, the role will support the creation, development and implementation of the Information Security strategy and operations. The Information Security Officer will play a crucial role in servicing client requirements relating to information security (including Military, Defence and Critical National Infrastructure) whilst working with stakeholders across the globe to identify, manage and assess information security risks. The ISO will work proactively with Clients, IT Operations, Security Operations, Legal, Procurement, Learning and Delivery Teams to reduce and manage risk, increase awareness and champion adherence to our Information Security processes, policies, and procedures.

Key Responsibilities:

• Developing and maturing our supply chain verification.
• Working with suppliers and clients to ensure our security requirements and those of our clients are being proactively evidenced and managed.
• Manage, maintain, and continually improve LRQA's ISMS.
• Identifying areas for improvement within the ISMS and take ownership of developing and executing plans for their resolution.
• Lead and manage all certification activities related to ISO 27001:2022.
• Ensure that any business changes, acquisitions, or transformations are accounted for within the scope of certification, through proactive risk identification and management with IT assets owners.
• Development and championing all Information Security Policies, Procedures and relevant standards, and produce supporting documentation and training material to ensure organizational compliance.
• Orchestrate continual improvement cycle using the 3 lines of defence to monitor and manage IT risk.
• Advocate for information security and provide guidance on its impact to business operations.
• Work with newly acquired businesses to understand their existing security posture.
• Establish risk monitoring processes and integrate security practices in line with the overall organization’s framework.
• Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
• Work with the DPO to ensure appropriate security is applied to data and provide reports / subject access requests.
• Design and deliver continual education and training to our colleagues to support them in identifying risks in their day-to-day operations, using Phishing Simulations and awareness campaigns.
• Manage the security training, induction and awareness program for staff and volunteers across the organization.
• Provide advisory and consulting support to help the organization improve its security posture and adhere to security policies, expected controls & regulatory requirements.

To conclude, the ISO is expected to keep up to date with the latest cyber security developments, news, market trends, and use this information to support the continual improvement in information security across LRQA Group. The ISO is expected to be highly autonomous, technology astute and able to shape their own learning based on industry trends to aid LRQA in delivering secure solutions to their clients.

The successful candidate should be able to demonstrate the following key skills:

• Strong problem-solving skills with the ability to think strategically.
• Detail-oriented with the ability to manage multiple projects and tasks effectively.
• Ability to drive cultural change and promote security best practices across the organization.
• Experience working in a global, multi-business environment is a plus.

Technical/Professional Qualification requirements:

• Proven experience in Information Security Management and IT risk management.
• In-depth knowledge of ISO27001 to Lead Auditor standard.
• Knowledge of relevant regulations (Data Protection, DORA, NIS2).
• Knowledge of Three Lines of Defence Model and its application.
• Knowledge of vulnerability management and Identity and Access management.
• A recognised IS qualification (e.g. CISA, CISM, CISSP, ISO 27001 Lead Auditor).

Our Values:

• We care about the safety of everyone.
• We respect each other and the wider communities we work in.
• We’re passionate about giving back to society, leaving the world a better place than we found it.
• We care about each other, our customers, and the environment.
• We share our expertise.
• We strive to be the leaders in our profession with unparalleled expertise.
• We’re committed to quality and work together to find the best solution.
• We’re inquisitive and curious and never stop learning to further our knowledge.
• We share our expertise with each other, with our customers and with all of our stakeholders.
• We do the right thing.
• We’re independent and impartial.
• We show integrity in everything we do.
• We’re brave and courageous and we never compromise on standards or safety.
• We do the right thing in every situation.

Diversity and Inclusion at LRQA: We are on a mission to be the place where we all want to work and we are passionate about embracing different perspectives because we understand the value this brings to our business, our clients and each other. We are all about creating a safer and more sustainable future and our inclusive culture is right at the heart of our business. Together our employees make our communities better and we want you to be part of our diverse team!

LRQA is a leading global assurance provider. The integrity and expertise we bring to our partnership with clients support their journey to a safer, more secure and more sustainable future.