The Opportunity Are you passionate about safeguarding information and driving secure practices in a dynamic global environment? At William Grant and Sons, we’re looking for an Information Security Specialist who will play a pivotal role in protecting our business and brands. This is your chance to join a team where innovation meets heritage, and where your expertise will help maintain the integrity of our iconic portfolio What you will be doing As an Information Security Specialist, you will: Lead the design, implementation, and monitoring of robust information security measures. Collaborate with cross-functional teams to identify and mitigate risks across business units. Support the development and delivery of security awareness training to promote a strong security culture. Provide expert guidance on compliance with industry standards such as ISO 27001, NIST SP 800-53 and GDPR. Manage security assessments for third-party vendors, ensuring alignment with company values and standards. Play an integral role in projects involving sensitive data, ensuring security is embedded from the outset. About You You are a proactive professional with a strong analytical mind and a passion for information security. To excel in this role, you should have: Proven expertise in implementing and managing security frameworks such as ISO, NIST, and GDPR, ensuring compliance and robust security practices. Strong technical skills in designing, implementing, and operating security controls that align with organisational standards and objectives. Demonstrated ability to create clear, high-quality technical documentation for complex security technologies. Exceptional problem-solving abilities, with the capability to translate technical concepts into actionable insights for diverse audiences. Skilled at fostering collaboration within teams, inspiring colleagues, and contributing to shared objectives, plans, and continuous improvement initiatives. Proactive in supporting team development, driving continuous improvement, and aligning security objectives with organisational goals. Experience in designing, managing, and analysing phishing simulation exercises to enhance security awareness and response. Experience with conducting third-party security reviews. Desirable but not essential: Certifications such as CISM or equivalent. Experience with OT security frameworks (such as IEC 62443). Experience in the spirits or manufacturing industry. Experience working with Marketing and Brand teams. Performing GAP analysis. Experience of reviewing penetration testing and vulnerability scanning results, and making recommendations.