This role is fully remote. My growing client are seeking an experienced Information Security Officer to join them on a six month fixed term contract basis. Working closely with the Information Security Manager, you will be responsible for safeguarding the organisation's information systems and data from security breaches, unauthorised access, and cyber threats across their business units. You will also be developing and implementing security policies, procedures, and controls, as well as auditing business units.

Role Responsibilities:

Working with the leadership team to support the implementation of the group-wide information security strategy and road mapping.
Identify security risks and develop mitigation strategies.
Ensure compliance with relevant industry standards and regulations (e.g. GDPR and ISO 27001).
Stay up-to-date with emerging security threats, vulnerabilities, technologies and industry best practices to recommend improvements.
Assist in the establishment and enforcement of group-wide security policies, standards, and procedures.
Assess and manage security risks associated with third-party vendors and service providers.
Ensure vendors comply with group security requirements.
Work with bid teams and customers to discuss requirements and evidence of compliance.
Manage and monitor compliance with applicable security accreditations.
Planning and preparation to determine audit scope, objectives, and schedule.
Develop group-wide audit plans and checklists based on ISO, Cyber Essentials or other required standards.
Review and understand existing policies, procedures and documentation related to security and identify opportunities for standardisation between BUs and across group.
Work with personnel to review in-place security practices, processes and controls and opportunities for standardisation.
Evaluate the effectiveness of information security controls, risk management practices and incident response procedures.
Evaluate Business Continuity Plans and IT Disaster Recovery plan compliance.
Identify potential vulnerabilities, threats, and areas for improvement in information security.
Run required external surveillance meetings with agreed 3rd party auditors.
Document audit findings, observations, and recommendations in a clear and concise manner across all security areas.
Prepare and present audit reports detailing the organisation's compliance status, identified risks, and suggested corrective actions along with any agreed key performance indicators.
Collaborate with internal teams and external auditors to ensure accurate representation of findings and agree required remediation strategies and actions.
Schedule and drive both monthly and quarterly business and technical review meetings.
Analyse identified vulnerabilities and risks to determine their potential impact on the organisation.
Work with relevant teams to develop strategies for mitigating and addressing identified risks.
Provide guidance on the implementation of effective information security controls and best practices.
Develop and deliver security awareness programs for employees.
Report on staff training around security protocols and procedures.
Conduct training sessions or workshops to increase awareness of information security practices.
Educate personnel on the importance of compliance with ISO 27001 and other relevant standards.

Requirements:

Bachelor's degree or 5 years' professional experience in Information Technology, Computer Science, Cybersecurity, or similar (including an ISCA qualification. CISM and CISSP are nice to have).
Experience understanding an organisation's business goals, objectives, and industry landscape to align security strategies with priorities, as well as with Mergers and Acquisitions.
Experience in conducting information security audits, risk assessments, and vulnerability assessments.
In-depth knowledge of security frameworks and standards (e.g. NIST, ISO 27001, ISO 9001, Cyber Essentials standards) and their underpinning controls and best practices.
Strong problem solving, analytical, communication, and report writing skills.
Understanding of network security, cryptography and risk management.
Able to collaborate with cross-functional teams and communicate technical concepts to non-technical stakeholders.
Able to work with and understand the needs and concerns of vendors, partners and customers in order to discuss and tailor security measures and agree necessary protection is in place.
ISO Lead auditor certification (Desirable).

If this sounds like you, please apply now.