Job Title: Head of Information Security
Location: Remote (Occasional travel to office)
Duration: Perm
Salary: Up to £80k
Start Date: ASAP
Key Responsibilities:
* Act as a security champion by consistently applying and promoting security best practices across the organization.
* Use KPIs and metrics to track security initiatives and provide regular reports to the CISO.
* Ensure security best practices are integrated throughout the software development lifecycle, working with architects, developers, and product teams.
* Oversee infrastructure and cloud initiatives, ensuring security standards are implemented by technical teams.
* Prioritize and remediate software, network, and infrastructure vulnerabilities based on SLAs, using these as learning opportunities.
* Manage relationships with key security vendors, including external SOC and penetration testers.
* Lead security incident response, containment, resolution, and documentation of root causes, with a focus on implementing preventative measures.
* Manage vulnerability scanning (DAST and SAST) and penetration testing, coordinating within budgets and preparing teams.
* Conduct internal security audits and assessments as needed.
* Ensure partners and suppliers meet required security standards.
Key Skills:
* Experience in an ISO 27001 ISMS environment, including participation in audits.
* Strong communication, interpersonal, and leadership skills to influence and engage stakeholders.
* Proven ability to manage and deliver security projects, with strong collaboration and organizational abilities.
* Knowledge of IT security tools, software, and hardware solutions.
* Understanding of secure software development practices and experience mentoring others in security.
* Experience with security architecture for IT networks, firewalls, and cloud security, particularly in Azure.
* Analytical mindset with strong problem-solving skills and attention to detail.
* Ability to lead security incidents, staying calm under pressure and resolving issues efficiently.
* Experience with network security audits, penetration testing, and ethical hacking.
* Strong documentation and reporting skills, with a focus on clear communication to stakeholders.