Information Security Officer – GRC focused
Permanent – £50k to £60k
Location: Hybrid – Cardiff
Your new company:
You will play a key role at a local private sector organisation, who are looking to recruit an Information Security Officer on a permanent basis. This role is crucial for ensuring IT operations align with regulatory standards and organisational goals. Key areas will include strategic planning, incident response and integrating compliance frameworks (e.g. GDPR, ISO 27001) to protect critical systems.
The role responsibilities:
You will act as the Information Security SME on all things GRC and InfoSec. This role is crucial to the business’s plans to improve and mature the InfoSec practices within the organisation, and they are looking for someone to come in with ideas and expertise on how to improve and protect their IT and InfoSec estate. You will be responsible for developing risk management processes, crisis plans and vendor oversight, whilst collaborating with stakeholders to implement security measures and enhance compliance. You will have a good level of autonomy and will be the owner of the GRC elements for the organisation.
* Risk & Compliance: Develop IT risk frameworks, perform assessments, and ensure regulatory compliance.
* Incident Response: Maintain an Incident Response Plan and coordinate rapid incident resolution (e.g., cybersecurity breaches, data loss).
* Vendor Risk: Establish a Vendor Risk Management program to assess third-party compliance.
* Security Leadership: Oversee security measures, incident responses, and network security enhancements, including Fortinet solutions.
You will need:
You will need to have performed a similar role previously. This could be a good fit for someone who has worked in a larger organisation, who is looking to take ownership of InfoSec policies and procedures, or someone who’s currently leading in a similar role but would like a new challenge or environment.
* Certifications such as CRISC, CISA, CISM, ISO 27001 Lead Auditor, or equivalent will be beneficial, but not essential. However, the experience of having performed a similar role will be essential.
* Strong knowledge of regulatory requirements (e.g. GDPR, ISO 27001, Data Protection Act 2018), including Data Protection Impact Assessments (DPIAs) and familiarity with frameworks such as Cyber Essentials or ISO 27005.
* Proficiency with MS 365, Intune, VMWare and Fortinet technologies
What you’ll get in return:
As well as strong autonomy and the support needed to make a difference in the role, you will get an annual salary of £50,000 - £60,000. The role will be on a hybrid basis, with it most likely being 3 days on site in Cardiff, but this could be flexible. However, it cannot be fully remote, nor can the company offer sponsorship.
* 28 days annual leave + bank holidays.
* Industry leading training
* Employee Assistance Program - free 24/7 confidential helpline (domestic, financial, legal, health support etc)
* High street retail discount scheme
* Staff benefits, wellbeing and recognition platform
* Free on-site parking
* Friendly and supportive work environment