Information Security & Compliance Officer

Full-Time 50000 - 65000 £ / year (est.) Home office (partial)
PEI Group

At a Glance

  • Tasks: Enhance our security and compliance by coordinating activities and managing third-party risks.
  • Company: Join a forward-thinking organisation committed to security excellence and inclusivity.
  • Benefits: Flexible working, competitive salary, and opportunities for professional growth.
  • Other info: We embrace diversity and support career returners in a dynamic work environment.
  • Why this job: Make a real difference in organisational security while collaborating with diverse teams.
  • Qualifications: 3-5 years in information security or compliance, with strong communication skills.

The predicted salary is between 50000 - 65000 £ per year.

We are seeking an Information Security & Compliance Officer to support and strengthen our organisation’s security and compliance posture. This role is responsible for coordinating security activities across the business, supporting compliance initiatives, managing third‑party risk, and acting as the internal liaison with our outsourced Security Operations Centre (SOC) and Virtual CISO. The successful candidate will help implement security governance, risk management, and compliance frameworks while ensuring security best practices are embedded across the organisation. This role is ideal for someone with experience in security operations, governance, risk, and compliance (GRC) who enjoys working across teams to improve organisational security maturity.

Key Responsibilities

  • Security Operations Oversight
    • Act as the primary internal liaison with the outsourced SOC provider
    • Monitor and coordinate responses to alerts generated through Microsoft Sentinel and Microsoft Defender
    • Support incident response coordination and internal communications
    • Track remediation of security vulnerabilities and incidents
  • Governance, Risk & Compliance
    • Support the implementation and maintenance of security frameworks such as:
      • ISO 27001
      • Cyber Essentials Plus
      • NIST / CIS frameworks
    • Maintain and develop security policies, standards, and procedures
    • Conduct risk assessments and track remediation actions
    • Coordinate internal and external security audits
    • Coordinate with other governance teams to ensure alignment around key initiatives
  • Third Party Risk Management (TPRM)
    • Lead the rollout and ongoing management of a Third Party Risk Management programme
    • Perform vendor security assessments and due diligence
    • Maintain vendor risk registers and track remediation activities
    • Work with procurement and legal teams to embed security requirements into supplier onboarding
  • Security Governance & Awareness
    • Support security awareness and training initiatives across the organisation
    • Work with IT and engineering teams to ensure security best practices are followed
    • Maintain risk registers and compliance documentation
    • Provide reporting and metrics on security posture to leadership
  • Security Projects & Initiatives
    • Support compliance initiatives and security improvement programmes
    • Work with the virtual CISO to implement strategic security improvements
    • Assist with policy development and control implementation
    • Help coordinate vulnerability management and remediation programmes
    • Provide input into client security questionnaires and audits where appropriate
    About You

    Skills & Experience

    • 3–5 years' experience in information security, IT security, or compliance
    • Understanding of security governance, risk, and compliance (GRC)
    • Experience with Microsoft security tooling (Sentinel, Defender, or Microsoft Security stack)
    • Familiarity with security frameworks (ISO 27001, NIST, CIS, Cyber Essentials)
    • Experience working with third‑party vendors or supplier risk assessments
    • Strong communication and stakeholder management skills
    • Ability to translate security requirements into practical business processes

    Desirable

    • Experience working with outsourced SOC providers
    • Knowledge of Third Party Risk Management (TPRM) programmes
    • Experience supporting ISO 27001 certification or audits
    • Certifications such as:
      • ISO 27001 Lead Implementer / Lead Auditor
      • CISSP
      • CISM
      • Security+

    Key Competencies

    • Strong organisational and documentation skills
    • Ability to manage multiple compliance initiatives simultaneously
    • Analytical thinking and risk assessment capability
    • Collaborative approach to working across technical and non‑technical teams
    • Proactive mindset with a focus on continuous improvement

    What Success Looks Like

    • Establish a structured Third Party Risk Management programme
    • Improve visibility and reporting of security risks
    • Strengthen security governance processes
    • Develop ISO 27001 implementation roadmap and compliance processes to ensure group compliance can evolve to a recognised standard within the next 12‑18 months.
    • Improve collaboration between internal teams, the SOC provider, and the virtual CISO

    Equal Opportunity

    We value diverse talent and welcome applications from everyone – regardless of background. We are an equal opportunity employer and our inclusive culture at PEI is reflected in every stage of the recruitment journey. Please inform us at initial stages of the recruitment process if you require any reasonable adjustments and we can accommodate this. PEI supports flexible working arrangements, and we welcome career returners.

    Information Security & Compliance Officer employer: PEI Group

    At PEI, we pride ourselves on being an excellent employer, offering a dynamic work environment that fosters collaboration and innovation in the field of information security and compliance. Our inclusive culture encourages professional growth through continuous learning opportunities and flexible working arrangements, making it an ideal place for individuals looking to make a meaningful impact while advancing their careers. Join us in our mission to enhance organisational security maturity and be part of a team that values diverse talent and promotes a proactive approach to security governance.
    PEI Group

    Contact Detail:

    PEI Group Recruiting Team

    StudySmarter Expert Advice 🤫

    We think this is how you could land Information Security & Compliance Officer

    ✨Tip Number 1

    Network like a pro! Reach out to folks in the industry, attend events, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

    ✨Tip Number 2

    Prepare for interviews by researching the company and its security practices. Show us that you understand their needs and how your experience aligns with their goals. Tailor your responses to highlight your skills in GRC and third-party risk management.

    ✨Tip Number 3

    Practice makes perfect! Conduct mock interviews with friends or mentors to refine your answers and boost your confidence. Focus on articulating your experience with Microsoft security tools and frameworks like ISO 27001.

    ✨Tip Number 4

    Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are genuinely interested in joining our team.

    We think you need these skills to ace Information Security & Compliance Officer

    Information Security
    Compliance Management
    Security Operations
    Governance, Risk, and Compliance (GRC)
    Microsoft Sentinel
    Microsoft Defender
    ISO 27001
    NIST Framework
    CIS Framework
    Third Party Risk Management (TPRM)
    Vendor Security Assessments
    Security Policy Development
    Stakeholder Management
    Analytical Thinking
    Continuous Improvement

    Some tips for your application 🫡

    Tailor Your CV: Make sure your CV is tailored to the Information Security & Compliance Officer role. Highlight your experience in security operations, governance, risk, and compliance (GRC) to show us you’re the right fit for the job.

    Craft a Compelling Cover Letter: Your cover letter should tell us why you’re passionate about security and compliance. Share specific examples of how you've improved security processes or managed risks in previous roles to grab our attention.

    Showcase Relevant Skills: Don’t forget to showcase your skills with Microsoft security tools like Sentinel and Defender. We want to see how your technical expertise aligns with our needs, so be sure to mention any relevant certifications too!

    Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates from us!

    How to prepare for a job interview at PEI Group

    ✨Know Your Security Frameworks

    Make sure you’re well-versed in the security frameworks mentioned in the job description, like ISO 27001 and NIST. Brush up on how these frameworks apply to real-world scenarios, as you might be asked to discuss how you would implement or maintain them.

    ✨Showcase Your Communication Skills

    As this role involves liaising with various teams and external vendors, practice articulating complex security concepts in simple terms. Prepare examples of how you've successfully communicated security requirements to non-technical stakeholders in the past.

    ✨Prepare for Scenario-Based Questions

    Expect questions that ask you to solve hypothetical security incidents or compliance challenges. Think through your past experiences and be ready to explain your thought process and the steps you would take to address these situations.

    ✨Demonstrate a Proactive Mindset

    Highlight instances where you took the initiative to improve security processes or compliance measures. Discuss any projects where you led efforts to enhance security governance or risk management, showing that you’re not just reactive but also proactive in your approach.
