At a Glance
- Tasks: Lead and manage our Information Security Management System while ensuring compliance and security.
- Company: Dynamic organisation focused on innovative security solutions and collaborative culture.
- Benefits: Competitive salary, hybrid working model, and opportunities for professional growth.
- Other info: Engage with cutting-edge technologies and diverse business stakeholders.
- Why this job: Shape the future of security strategy and make a real impact in a forward-thinking environment.
- Qualifications: Experience in information security, cybersecurity strategy, and policy development.
The predicted salary is £65,000 per year.
We are seeking an experienced Information Security Manager to oversee and manage our Information Security Management System (ISMS). Reporting to the ISMS sponsors, you will drive continuous improvement, ensuring ongoing compliance and readiness for surveillance audits and recertification. This is a pivotal role combining governance, architecture, risk management, and stakeholder engagement, with the opportunity to shape and influence the organisation's security posture.
Key Areas of Responsibility
- Manage and operate the ISMS framework, including developing and maintaining information security policies, standards, and procedures.
- Advise management and project teams to ensure security standards and procedures align with organisational policies.
- Ensure all employees are aware of their responsibilities regarding information security.
- Develop and deliver information security training, education, and awareness programmes.
- Design and maintain current and future state security architectures.
- Support application and platform design to ensure compliance with cybersecurity best practices.
- Develop IT control procedures and contribute to the evolution of security policies.
- Create frameworks to support engineering teams in delivering secure solutions.
- Act as the incident owner and decision-maker for cybersecurity incidents, leading response and escalation activities.
- Define security requirements for new applications, systems, and services.
- Monitor the external threat landscape and advise on emerging risks and mitigation strategies.
- Manage relationships with cybersecurity partners and industry bodies to enhance organisational capability.
Additional Responsibilities
- Act as an internal subject matter expert, supporting customer and prospect queries, including completion of security questionnaires.
- Conduct security and risk assessments across systems and services.
- Perform internal audits and continuously review the effectiveness of policies and controls.
- Prepare reports for the Audit & Risk Management Committee (including ISMS risks, audits, and incidents).
- Ensure compliance with information security and data privacy policies.
- Undertake Data Protection Officer (DPO) responsibilities, including policy maintenance, compliance, and training.
Skills & Knowledge
- Strong technical and architectural understanding of IT security, including networks, operating systems, firewalls, VPNs, databases, cryptography, IDS/IPS, and access management.
- Knowledge of penetration testing methodologies.
- Familiarity with information security frameworks such as ISO 27001 and PCI DSS.
- Experience working with AWS and/or Microsoft Azure cloud environments.
- Up-to-date knowledge of security best practices for cloud and modern architectures.
Experience Required
- Proven commercial experience in information security and cybersecurity strategy.
- Demonstrable experience developing, implementing, and maintaining security policies and procedures.
- Track record of delivering training and embedding security practices across organisations.
What's on Offer
- Salary up to £65,000.
- Hybrid working model (Witney-based with flexibility).
- Opportunity to lead and shape security strategy.
- Exposure to a broad range of technologies and business stakeholders.
- Collaborative and forward-thinking environment.
Information Security Officer & Data Protection Officer in Witney. Employer: Webexpenses
Join a forward-thinking organisation in Witney as an Information Security Officer & Data Protection Officer, where you will play a crucial role in shaping the security strategy and ensuring compliance within a collaborative work culture. With a competitive salary of up to £65,000 and a hybrid working model, you will have the opportunity to grow your skills while working with a diverse range of technologies and stakeholders, making a meaningful impact on the organisation's security posture.
StudySmarter Expert Advice🤫
We think this is how you could land the Information Security Officer & Data Protection Officer role in Witney
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at local meetups. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching the company and its security practices. Show them you’re not just another candidate; you’re genuinely interested in their mission and how you can contribute to their security posture.
✨Tip Number 3
Practice your responses to common interview questions, especially those related to information security scenarios. We want you to feel confident and ready to showcase your expertise when it counts!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Information Security Officer & Data Protection Officer role. Highlight your experience with ISMS, security policies, and any relevant certifications. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your background makes you a perfect fit for our team. Don’t forget to mention specific projects or achievements that relate to the job description.
Showcase Your Technical Skills: We’re looking for someone with strong technical knowledge in IT security. Be sure to include any experience you have with networks, firewalls, and cloud environments like AWS or Azure. This will help us see your expertise right away!
Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you’ll be able to upload your CV and cover letter directly. Plus, it helps us keep everything organised!
How to prepare for a job interview at Webexpenses
✨Know Your Stuff
Make sure you brush up on your knowledge of information security frameworks like ISO 27001 and PCI DSS. Be ready to discuss how you've implemented these in past roles, as well as your understanding of current security best practices, especially in cloud environments like AWS and Azure.
✨Showcase Your Experience
Prepare specific examples from your previous roles where you've developed and maintained security policies or led training programmes. Use the STAR method (Situation, Task, Action, Result) to structure your answers and highlight your achievements.
✨Engage with Stakeholders
Since this role involves a lot of stakeholder engagement, think about how you've successfully communicated security standards to non-technical teams. Be ready to share strategies you've used to ensure everyone understands their responsibilities regarding information security.
✨Stay Current
Keep an eye on the latest trends in cybersecurity and be prepared to discuss emerging risks and mitigation strategies. Showing that you're proactive about staying informed will demonstrate your commitment to continuous improvement in the field.