Head of Information Security
JLA is a mission-critical infrastructure solutions business offering Laundry, Catering, Heating, Fire Safety, Infection Control and Air Conditioning services. The company offers an end-to-end, on-premise machine supply and breakdown service proposition under the name Total Care, and additional products and services. JLA is driven by a world-class Sales & Marketing engine, owns and maintains all assets, and has an efficient on-site operations team working daily with customers.

When you join the JLA family, you'll also gain access to an extensive benefits package. We care about our people and take your well-being seriously, which is why we offer a range of supportive tools for health and wellbeing, financial guidance, and legal advice. Our Employee Assistance Programme, 24/7 Wellness and Lifestyle App plus a dedicated team of Mental Health First Aiders are there to support you through life's challenges. We also offer up to 8 counseling sessions, which can be in-person or remote, providing you with the support and flexibility to suit your own personal needs. You can reach any fitness goals with our free onsite gym at head office along with a range of other gym membership discounts available.

To offer financial support, we not only provide life assurance coverage, company sick pay, and a company pension scheme, we also offer a range of added benefits such as free office parking, eye care vouchers, a cycle-to-work scheme, and exclusive discounts through our staff benefits hub. We pride ourselves on offering a healthy work-life balance and believe it is important to have time away to recharge, which is why we provide 25 days of annual leave plus bank holidays, flexible working options, and enhanced family leave policies.

We are a company that appreciates you and invests in your success, and we even have a Colleague Recognition Scheme to celebrate your achievements. We're dedicated to your growth, offering support in career development and training.
We value your referrals, and through our Refer a Friend scheme, you can earn up to £1,000 in bonus rewards.

About the role

JLA is committed to maintaining a secure and compliant business. As part of this ongoing commitment we are looking for an experienced Information Security professional to take responsibility for our vision, strategy, and the overall program to keep our information assets and operational systems protected.

The Head of Information Security will oversee the development and implementation of JLA’s information security strategy, including policies, procedures and tools designed to protect enterprise communications, systems, and assets from both internal and external threats. Importantly, they will be responsible for understanding the evolving threat, compliance and technology landscape and owning JLA’s response to these risks alongside the technology and legal functions.

Key Responsibilities:

Leadership and Strategy: Develop, implement, and monitor a strategic, comprehensive best-practice enterprise information security and IT risk management program. Work directly with the business units to facilitate risk assessment and risk management processes. Develop and enhance an information security management framework and associated policies.

Governance, Risk, and Compliance: Ensure compliance with relevant security policies, standards, regulations, and laws. Ensure applicable data is classified, managed, stored and retained in accordance with best practice and applicable laws. Oversee the approval, training, and dissemination of security policies and practices. Take responsibility for statutory attestations and achieving key information security accreditations to demonstrate best practice.

Incident Readiness and BCP: Oversee the ongoing development of JLA’s disaster recovery and business continuity plan.
Develop and manage the cross-functional information security incident response team and ensure efficient and effective incident management processes are in place. Run incident response tests and simulations to ensure there are adequate mitigations in place to minimize recovery time.

Security Operations: Monitor the security and compliance environment continuously, managing third-party vendors and monitoring tools. Evaluate and provide recommendations for security, compliance and information governance technologies and solutions.

Vendor and Third-Party Management: Manage security vendors and service providers. Work with the procurement team to ensure that third-party providers are compliant with the organization's security policies and contractual obligations.

Skills and Experience

- Proven ability to develop and execute a comprehensive information security strategy.
- Proven experience in developing and managing security policies and procedures.
- Experience with cloud security, in particular Azure and hybrid Azure environments.
- Strong working knowledge of the Azure Entra and Microsoft Security and Compliance tools, and applying these across M365.
- In-depth knowledge of information security frameworks (e.g., ISO 27001, NIST).
- Strong understanding of relevant legal and regulatory requirements, such as GDPR and PCI-DSS.
- Excellent leadership, communication, and project management skills.
- Ability to handle high-stress situations and make sound decisions under pressure.

Qualifications:

Education and Experience: Bachelor’s degree in Computer Science, Information Systems, or a related field. Minimum of 10 years of experience in a combination of risk management, information security, and IT roles. At least 3 years in a senior information security role.

Certifications: The ideal candidate will have one or more of the following certifications:

- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)

Other relevant certifications are a plus.