Head of Information Security
Job details

Job Title: Head of Information Security
Role Type: Permanent
Salary: £75,000 - £85,000
Start Date: ASAP
Location: Edinburgh/Hybrid

The Role:

Work with the Security team to maintain an ISO 27001 certified ISMS, broadening the scope of the certification across the company's subsidiaries and international territories.

Responsible for compliance with the GDPR, and for maintaining and growing Cyber Essentials certification, in addition to responding to future strategic compliance investments the company may choose to make.

Responsible for driving and supporting the PCI DSS Compliance Program, ensuring that the necessary internal controls, policies and processes are defined, embedded, distributed (via The Local) and operating effectively.

Ensure effective incident notification and response processes are in place and communicated to the necessary stakeholders.

Work with internal teams as an internal auditor and trusted advisor; with customers, responding to their Information Security, Data Protection and PCI audits and enquiries; and with auditing bodies for external validation and certification.

Key Skills:

4 years of experience in an information security role, with a particular focus on ISO 27001.

Extensive experience in ISO 27001, including implementation, maintenance, and certification of an ISMS within a technology organization. Certification as an ISO 27001 Lead Implementer is advantageous.

Proven track record of working with external UKAS-accredited auditing bodies, effectively managing and owning the ISO 27001 external audit program.

In-depth experience as an internal ISMS auditor. ISO 27001 Lead Auditor certification is highly desirable.

Practical experience with the application of controls and compliance standards, including PCI DSS and Cyber Essentials.

Strong knowledge of IT security-related hardware, software, and vendor solutions, with the ability to apply best-practice security principles to mitigate and manage risks.

Solid understanding of network protocols and the secure software development lifecycle, including web and mobile applications. Experience in providing security sign-off on product design is essential.

Extensive experience working with diverse teams across an organization to integrate and enforce information security requirements.

Hands-on experience in implementing and maintaining a Privacy Information Management System (PIMS) in line with GDPR compliance.

Attention to detail is critical, ensuring all documentation is precise and error-free.

Experience with the following standards is beneficial: PCI DSS, UK Cyber Essentials Plus, ISO 27701 (Privacy Information Management), ISO 27017 (Cloud Security), ISO 9001 (Quality Management), and ISO 22301 (Business Continuity).

Research indicates that men will apply to a role when they meet only 50-60% of the description, whereas women and other minority groups can look for up to a 99% match before applying. If you feel you are a fit for our role, please still apply; don't worry if you don't tick every single box. We'd still love to hear from you. We encourage underrepresented talent to apply to all our roles and support accessibility needs.