Information Security Officer

• Develop, integrate, maintain, and establish information security policies, standards, and procedures or guidelines across the organisation.
• Development of new organizational processes within the organization.
• Ensure the organization's internal regulatory compliance.
• Monitor compliance with regulations such as ISO27001, NIST, NIS2, SOC2, ENS, or ANSSI.
• Maintenance of Information Security KPIs for the maintenance of existing certifications.
• Analysis and management of the authorization of HR, IT, TECH and business processes.
• Identify and manage potential risks and threats.
• Deliver Information Security and Cybersecurity project management.
• Monitor and manage digital access controls across cloud platforms, internal systems, and third-party tools.
• Assist in the detection, investigation, and response to security incidents, including unauthorized access, phishing attempts, and data anomalies.
• Collaborate with cybersecurity teams and other third parties to analyse threat intelligence feeds and proactively identify emerging risks.
• Participate in vulnerability assessments and support external/internal penetration testing efforts.
• Conduct regular audits of user permissions, authentication logs, and endpoint security compliance.
• Develop and deliver security awareness training programs for employees, including social engineering simulations and best practices.
• Maintain detailed records of incidents, access violations, and remediation actions.
• Perform risk assessments, policy reviews and development, and continuous improvement of security operations.

• Supervise technological security measures including SIEM, DLP, IDS/IPS, Firewall, WAF, cryptological mechanisms, EDR…
• Analyse security alerts and conduct technical incident investigations.
• Run and monitor vulnerability tests and periodic scans of key assets
• Collaborate on managing security patches and updates with Internal IT, CloudOps and Engineering teams
• Document technical findings and generate reports for IT, tech, security, and compliance teams.
• Automate security tasks using scripting.
• To choose and advise on the purchase of security and IT technology solutions that meet the regulatory criteria of European laws.

• Coordinate response to cybersecurity incidents.
• Collaborate with business departments to identify key assets and build and test contingency plans to ensure they can be

• Carry out periodic risk assessments in the organization based on international methodologies.
• Identify vulnerabilities and implement security measures to mitigate risk.
• Conduct information security audits and monitor compliance with security standards, laws, and regulations.
• Collaborate with Internal Compliance team to undertake internal and external information security audits.

• Review contract information security clauses and customer annexes.
• Management, governance and security approval of suppliers.
• Creation and Management of a security knowledge base to provide quick answers to Customer questionnaires and queries.

• Deliver Cyber Security employee training and awareness content
• Ensure the correct level of employee awareness by conducting continuous assessments.

• Wellness fund or *Private Medical Insurance (dependent upon role)
• Pension
• Life Assurance x 3
• 25 days holiday plus 8 Bank Holidays
• Ongoing continual professional development (CPD)
• Holiday purchase Scheme up to 5 days
• 1 paid and 1 unpaid volunteering day
• 24/7 and 365 Days Employee Assistance Programme
• Team and company offsite events
• Headspace – mindfulness and meditation app
• Specsavers eye care voucher
• Free Tea, Coffee and fruit every week – Basingstoke office

Once For All UK