Head of Information Security

The company:

A private TechForGood business in the North East is going through a process of global expansion and is looking for a Head of Information Security to drive excellence across security practices. Over the past 4 years, they have grown from a team of 20 to 250 and have quadrupled their profits. They work across a range of practices within a specific sector, and the use of technology makes a genuine difference in people's lives. Over the next 4 years, they plan to replicate this success and are looking for innovative and proactive people to joint them on the journey.

The role:

You will be responsible for ensuring that the software and applications that the clients are onboarded onto are secure and compliant.  You will have a focus on the protection of data for customers, business partners, employees and third parties. This is going to be a fast-paced role, so the ability to zoom out, prioritise and lead projects will be key, as multiple clients may be being onboarded at one time. You will need to develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program across the whole group. Collaborating with the senior leadership team and key stakeholders will be a large part of this role, so excellent communication will be key.

Day-to-day tasks will include…

• Secure information assets and ensure information security and compliance with relevant legislation and legal interpretation.
• Facilitate risk assessment and risk management processes.
• Develop and implement group-wide adoption of ISO 27001 and Cyber Essentials Plus
• Ensure group-wide compliance with PCI, GDPR, NHS DSP Toolkit
• Raise awareness of risk management concerns.
• Ensure best practice from a security perspective in the development practices, for example driving secure coding practices, communicating OWASP top 10 etc
• Stay up-to-date with information security issues and regulatory changes
• Monitor all security incidents and act as the primary control point during significant information security incidents.
• Coaching and mentoring IT and Engineering teams regarding security best practices
• Maintain continual growth in professional skills and knowledge

Experience required:

• Possess extensive knowledge and experience of IT security and compliance frameworks at all levels.
• Have strong experience with SaaS/Cloud-based solutions.
• Demonstrate a strong technical background covering IT, Infrastructure, and Software Development with experience across a broad range of architectures, technologies, and development practices.
• Exhibit strong team leadership skills, including motivation, performance management, cultural awareness, coaching, and development.
• Have extensive stakeholder management experience up to board level.

Benefits include:

• 28 Days annual leave + public holidays
• Holiday buy scheme
• Enhanced company pension
• Company bonus scheme
• Share options
• Sick pay scheme
• Income protection
• Private health insurance cash plan
• Life assurance
• Flexible benefits including discounted gym, cycle to work, technology scheme, shopping discounts etc.

Permanent/ 37.5 hours/ 1 day per week in office/ Monday – Friday/ CISO

Next Steps? If you would like to know anything more about this role or even just want to hear what other Infrastructure, Cloud and Security positions I have that may also be a good match for you then please apply to this advert / or catch me on LinkedIn "Hayley Bee