The Position – We are looking for an IT Security & Compliance Officer to embark on a rewarding journey with us at Mpac, where your passion for quality & teamwork will thrive.
Team Mission – Our mission is to create automation ecosystems that enhance the manufacturing world to adapt and grow, effectively and efficiently. We pride ourselves on our exceptional service, and our INTEGRITY & DRIVE make us stand out from the crowd. Our COLLABORATIVE approach fosters an environment of growth & INNOVATION, built upon a solid foundation of industry-leading standards, alongside a diverse team & their EXPERTISE.
Purpose of the role – The IT Security & Compliance Officer (ISCO) is a senior IT role responsible for safeguarding Mpac Group’s information assets and ensuring the continuous, secure operation of its critical IT services. The ISCO oversees the organisation’s information security, cyber security, service monitoring, data backup processes, and business continuity planning. This role is pivotal in ensuring that all IT systems are secure, reliable, and resilient against potential threats, disruptions, and disasters. Combining strategic oversight with hands-on management, the ISCO plays a critical role in protecting the organisation’s digital infrastructure and ensuring business continuity.
Core Functions -
· Develop, implement, and maintain the organisation’s information security strategy, policies, and procedures.
· Ensure that all IT systems and data are protected against internal and external threats, including cyberattacks, data breaches, and unauthorised access.
· Conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security risks.
· Monitor the organisation’s IT infrastructure for security breaches and respond promptly to any incidents.
· Implement and manage cybersecurity tools and technologies, such as firewalls, intrusion detection/prevention systems (IDPS), and antivirus software.
· Lead incident response efforts, including investigation, containment, eradication, and recovery, and provide detailed reports to senior management.
· Oversee the monitoring of IT services and infrastructure to ensure they are performing optimally and securely.
· Implement and manage service monitoring tools to provide real-time alerts and reporting on system performance and security events.
· Collaborate with IT support teams to proactively address performance issues and ensure the resilience of IT services.
· Design and manage the organisation’s data backup strategy, ensuring all critical data is regularly backed up and securely stored.
· Conduct regular tests of data recovery processes to ensure the organisation can quickly recover from data loss incidents.
· Implement and manage disaster recovery plans to ensure minimal disruption to business operations during a major IT incident.
· Develop, implement, and maintain the organisation’s business continuity plans (BCP) to ensure the continuous operation of critical IT services during disruptions.
· Collaborate with various departments to identify key business processes and systems that require continuity planning.
· Conduct regular BCP drills and exercises to ensure the organisation is prepared to respond effectively to disruptions.
· Ensure the organisation complies with relevant information security regulations, standards, and best practices (e.g., GDPR, ISO 27001).
· Conduct risk assessments to identify potential threats to the organisation’s IT systems and data, and implement mitigation strategies.
· Maintain up-to-date knowledge of the latest security threats, trends, and regulatory changes, and ensure the organisation’s security practices evolve accordingly.
· Collaborate with other IT and business leaders to integrate security practices into all aspects of the organisation’s operations.
· Develop and deliver security awareness training programs to employees at all levels of the organisation.
· Provide regular reports to the Group IT Director and senior management on the status of the organisation’s information security and business continuity efforts.
· Communicate security risks, incidents, and mitigation strategies to stakeholders across the organisation.
· Act as the primary point of contact for external security audits and assessments.
Education: Degree in Information Security, Computer Science or equivalent.
Experience: At least 6 years of experience in information security, cybersecurity, or a related field.
Certifications: Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), ISO 27001 Lead Implementer, or equivalent are highly desirable.
Technical Skills:
· Strong knowledge of information security management frameworks (e.g., ISO 27001).
· Proficiency in cybersecurity tools and technologies, such as firewalls, IDPS, antivirus, and SIEM (Security Information and Event Management) systems.
· Experience with service monitoring and data backup/recovery tools.
Soft Skills:
· Strong analytical and problem-solving skills.
· Effective communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
· Ability to work under pressure and manage multiple priorities.
Location and Travel:
This role is based in the UK, with occasional travel to other Mpac Group sites as required.