Accessibility
Home
Jobs
Upload CV
Find Talent
Careers
Head of Information Security
Head of Information Security required for online retail business. The role will initially be focused on ISO27001 & ISO9001 recertifications.
Responsibilities
- Lead on information security strategy and implementation of security roadmap
- Develop security KPIs and track their progress
- Advise senior management on risk levels and any changes impacting security posture, including emerging threats
- Create, maintain, and implement information security policies
- Continuously validate the firm against policies and procedures to ensure compliance against ISO 27001, ISO 9001, Cyber Essentials+, and GDPR
- Manage and continuously improve of the firms Information Security Management System
- Oversee the information security training and awareness program
- Lead on internal and external audits and track audit findings through to mitigation
- Identify and communicate emerging security threats with relevant stakeholders
- Provide security due diligence in procurement processes and oversee continuous supplier assurance
- Manage security incidents and coordinate incident response processes
- Select and implement GRC controls and assisting in selection and implementation of information security technologies
- Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle
- Develop new, or enhance current, security procedures to reduce or eliminate potential threats
- Ensure that cybersecurity requirements are Embedded into new programs of work
- Providing management and mentorship to security teams and supporting staff
- Create and then lead the Security Operations Centre (SOC), ensuring Real Time monitoring and incident response.
- Drive security awareness training and governance, risk, and compliance (GRC) initiatives.
- Creation and presentation of reporting to senior stakeholders, highlighting threats, compliance gaps, and mitigation progress.
- Conduct risk assessments, maintain risk registers, and design risk treatment plans.
- Support oversight of vulnerability tooling & processes, assess risk and prioritise remediation.
- Lead internal/external audits (ISO 27001 and ISO 9001) and ensure compliance with regulations (GDPR).
- Support wider IT project requirements through management of defined gates, provision of guidance and assessment of controls.
As an ideal candidate, you will have a proven track record of bringing organisations through ISO27001 & ISO 9001 accreditations. ISO27001 lead implementer or auditor qualifications are essential.
We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.
Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.
