At a Glance
- Tasks: Lead the charge in safeguarding our digital assets and managing cybersecurity policies.
- Company: Join Once For All, a fast-growing SaaS company revolutionising supply chain governance.
- Benefits: Enjoy perks like private medical insurance, wellness funds, and 25 days holiday plus bank holidays.
- Other info: Opportunity for continuous professional development and a vibrant office culture.
- Why this job: Be part of a dynamic team making a real impact in cybersecurity across various sectors.
- Qualifications: 3+ years in cybersecurity, with experience in policy development and risk management required.
The predicted salary is between 36000 - 60000 Β£ per year.
Once For All is a high-growth, cloud-based, SaaS subscription business. Our technology helps our customers to manage their supply chain governance, risk management and compliance. We work across public and private sector and have over 250k customers across the UK across 20 different sectors including construction, transport, retail, hospitality education, facility and property management, manufacturing, local and central government.
Role Summary :
The Information Security Officer is responsible for implementing, maintaining, and overseeing information security andcybersecurity policies, procedures, and controls to protect the organization\'s digital assets. They work closely with the CISO,Legal, Compliance, technical and business teams to ensure proactive protection against cyber threats, regulatory compliance,risk management and response to security incidents.
The role will build relationships with departments to ensure identification and continuous progression of security threats in ourfast-paced SaaS technology business. This role blends operational security, threat intelligence, and user education to support a
robust security posture across the organisation.
Job Responsibilities:
β’ Develop, integrate, maintain, and establish information security policies, standards, and procedures or guidelines acrossthe organisation.
β’ Development of new organizational processes within the organization.
β’ Ensure the organization\'s internal regulatory compliance.
β’ Monitor compliance with regulations such as ISO27001, NIST, NIS2, SOC2, ENS, or ANSSI.
β’ Maintenance of Information Security KPIs for the maintenance of existing certifications.
β’ Analysis and management of the authorization of HR, IT, TECH and business processes.
β’ Identify and manage potential risks and threats.
β’ Deliver Information Security and Cybersecurity project management.
β’ Monitor and manage digital access controls across cloud platforms, internal systems, and third-party tools.
β’ Assist in the detection, investigation, and response to security incidents, including unauthorized access, phishingattempts, and data anomalies.
β’ Collaborate with cybersecurity teams and other third parties to analyse threat intelligence feeds and proactively identifyemerging risks.
β’ Participate in vulnerability assessments and support external/internal penetration testing efforts.
β’ Conduct regular audits of user permissions, authentication logs, and endpoint security compliance.
β’ Develop and deliver security awareness training programs for employees, including social engineeringsimulations and best practices.
β’ Maintain detailed records of incidents, access violations, and remediation actions.
β’ Perform risk assessments, policy reviews and development, and continuous improvement of security operations.
Cybersecurity Management:
β’ Supervise technological security measures including SIEM, DLP, IDS/IPS, Firewall, WAF, cryptological mechanisms, EDRβ¦
β’ Analyse security alerts and conduct technical incident investigations.
β’ Run and monitor vulnerability tests and periodic scans of key assets
β’ Collaborate on managing security patches and updates with Internal IT, CloudOps and Engineering teams
β’ Document technical findings and generate reports for IT, tech, security, and compliance teams.
β’ Automate security tasks using scripting.
β’ To choose and advise on the purchase of security and IT technology solutions that meet the regulatory criteria ofEuropean laws.
Crisis Management and Incident Response:
β’ Coordinate response to cybersecurity incidents.
β’ Collaborate with business departments to identify key assets and build and test contingency plans to ensure they can be
executed effectively.
Security Assessments and Risk Management:
β’ Carry out periodic risk assessments in the organization based on international methodologies.
β’ Identify vulnerabilities and implement security measures to mitigate risk.
β’ Conduct information security audits and monitor compliance with security standards, laws, and regulations.
β’ Collaborate with Internal Compliance team to undertake internal and external information security audits.
Support for Sales processes and suppliers:
β’ Review contract information security clauses and customer annexes.
β’ Management, governance and security approval of suppliers.
β’ Creation and Management of a security knowledge base to provide quick answers to Customer questionnaires andqueries.
Training and awareness:
β’ Deliver Cyber Security employee training and awareness content
β’ Ensure the correct level of employee awareness by conducting continuous assessments.
Candidate Requirements:
β Minimum of 3 years in a similar cybersecurity role.
β Experience of developing and implementing security policies and procedures to meet ISO and other standards.
β Experience in protecting confidential and sensitive information.
β Working knowledge of networks, operating systems, firewalls, proxies, EDR, SIEM, Cryptology and AI.
β Experience in crisis management and incident response.
β Up-to-date knowledge of emerging security trends and technologies.
β Ability to develop and integrate contingency plans.
β Experience in Cybersecurity risk assessment and management.
β Knowledge of security audits and supervision in accordance with European and International regulations.
β Proven experience of protecting SaaS environments.
β Proven skills in analysis and teamwork.
β Ability to speak English (C1) and French (B2).
β Ability to speak Spanish to C1 level desired.
β Ability to communicate clearly with technical and non-technical stakeholders at all levels of the business.
β Experience supporting SOC 2,NIS2, ISO 27001, or GDPR compliance programs.
β Knowledge of SaaS architecture and cloud platforms (e.g., AWS, Azure, GCP).
β Familiarity with penetration testing methodologies and remediation workflows.
β Passion for educating others and promoting a security-first culture.
β Discreet and ethical approach to handling sensitive information.
β Proactive mindset with a passion for continuous improvement in security practices.
β May require occasional availability during out of hours support for incident response.
What we offer:
As well as a career in a fast paced environment within a expanding business, we also offer the below benefits as standard:
- Wellness fund or *Private Medical Insurance (dependent upon role)
- Pension
- Life Assurance x 3
- 25 days holiday plus 8 Bank Holidays
- Ongoing continual professional development (CPD)
- Holiday purchase Scheme up to 5 days
- 1 paid and 1 unpaid volunteering day
- 24/7 and365 Days Employee Assistance Programme
- Team and company offsite events
- Headspace β mindfulness and meditation app
- Specsavers eye care voucher
- Free Tea, Coffee and fruit every week β Basingstoke office
Information Security Officer UK Head Office - Basingstoke Β· employer: Once For All Limited
Once For All is an exceptional employer, offering a dynamic work environment in Basingstoke that fosters professional growth and innovation in the fast-evolving SaaS sector. Employees benefit from a comprehensive wellness fund, private medical insurance, and generous holiday allowances, alongside opportunities for continuous professional development and team-building events. With a strong emphasis on a security-first culture, the company encourages collaboration and proactive engagement, making it an ideal place for those passionate about cybersecurity and making a meaningful impact.
StudySmarter Expert Adviceπ€«
We think this is how you could land Information Security Officer UK Head Office - Basingstoke Β·
β¨Tip Number 1
Familiarise yourself with the specific cybersecurity frameworks mentioned in the job description, such as ISO27001 and NIST. Understanding these standards will not only help you in interviews but also demonstrate your commitment to compliance and security best practices.
β¨Tip Number 2
Network with professionals in the cybersecurity field, especially those who have experience in SaaS environments. Engaging with industry peers can provide insights into the role and may even lead to referrals or recommendations.
β¨Tip Number 3
Stay updated on the latest trends and technologies in cybersecurity. Being knowledgeable about emerging threats and solutions will position you as a proactive candidate who is ready to tackle the challenges of the role.
β¨Tip Number 4
Prepare to discuss your experience with incident response and crisis management in detail. Be ready to share specific examples of how you've handled security incidents in the past, as this will showcase your practical skills and readiness for the role.
We think you need these skills to ace Information Security Officer UK Head Office - Basingstoke Β·
Some tips for your application π«‘
Tailor Your CV:Make sure your CV highlights relevant experience in cybersecurity, particularly in developing and implementing security policies. Use keywords from the job description to demonstrate your fit for the role.
Craft a Compelling Cover Letter:Write a cover letter that showcases your passion for information security and your understanding of the SaaS environment. Mention specific experiences that align with the responsibilities outlined in the job description.
Highlight Relevant Certifications:If you have certifications related to ISO27001, NIST, or SOC2, be sure to mention them prominently. This will show your commitment to maintaining high standards in information security.
Showcase Soft Skills:In addition to technical skills, emphasise your ability to communicate effectively with both technical and non-technical stakeholders. Provide examples of how you've successfully collaborated with teams in previous roles.
How to prepare for a job interview at Once For All Limited
β¨Understand the Role and Responsibilities
Make sure you thoroughly understand the job description and responsibilities of the Information Security Officer. Familiarise yourself with key terms like ISO27001, NIST, and SOC2, as well as the specific security measures mentioned. This will help you demonstrate your knowledge and show that you're genuinely interested in the role.
β¨Prepare for Technical Questions
Expect to be asked technical questions related to cybersecurity practices, risk management, and incident response. Brush up on your knowledge of networks, operating systems, and cloud platforms like AWS or Azure. Being able to discuss your experience with these technologies will set you apart from other candidates.
β¨Showcase Your Soft Skills
While technical skills are crucial, don't forget to highlight your soft skills. The role requires collaboration with various departments, so be prepared to discuss how you've effectively communicated with both technical and non-technical stakeholders in the past. Examples of teamwork and leadership can make a strong impression.
β¨Demonstrate a Proactive Mindset
The company values a proactive approach to security. Be ready to share examples of how you've identified potential risks and implemented measures to mitigate them. Discuss any initiatives you've taken to improve security practices or educate others about cybersecurity, as this aligns with the company's focus on promoting a security-first culture.
