Information Security Officer

Information Security Officer - GRC focused

Permanent - £50k to £55k

Location: Hybrid - Cardiff

Your new company

You will play a key role at a local private sector organisation, who are looking to recruit an Information Security Officer on a permanent basis.
This role is crucial for ensuring IT operations align with regulatory standards and organisational goals. Key areas will include strategic planning, incident response and integrating compliance frameworks (e.g. GDPR, ISO 27001) to protect critical systems.

Your new role

You will act as the Information Security SME on all things GRC and InfoSec. This role is crucial to the company's plans to improve and mature the InfoSec practices within the organisation, and they are looking for someone to come in with ideas and expertise on how to improve and protect their IT and InfoSec estate. You will be responsible for developing risk management processes, crisis plans and vendor oversight, whilst collaborating with stakeholders to implement security measures and enhance compliance. You will have a good level of autonomy and will be the owner of the GRC elements for the organisation.

• Risk & Compliance: Develop IT risk frameworks, perform assessments, and ensure regulatory compliance.
• Incident Response: Maintain an Incident Response Plan and coordinate rapid incident resolution (e.g., cybersecurity breaches, data loss).
• Vendor Risk: Establish a Vendor Risk Management program to assess third-party compliance.
• Security Leadership: Oversee security measures, incident responses, and network security enhancements, including Fortinet solutions.

What you'll need to succeed

You will need to have performed a similar role previously. This could be a good fit for someone who has worked in a larger organisation, who is looking to take ownership of InfoSec policies and procedures, or someone who's currently leading in a similar role but would like a new challenge or environment.

• Certifications such as CRISC, CISA, CISM, ISO 27001 Lead Auditor, or equivalent will be beneficial, but not essential. However, the experience of having performed a similar role will be essential.
• Strong knowledge of regulatory requirements (e.g. GDPR, ISO 27001, Data Protection Act 2018), including Data Protection Impact Assessments (DPIAs) and familiarity with frameworks such as Cyber Essentials or ISO 27005.
• Proficiency with MS 365, Intune, VMWare and Fortinet technologies

What you'll get in return

As well as strong autonomy and the support needed to make a difference in the role, you will get an annual salary of £50,000 - £55,000. The role will be on a hybrid basis, with it most likely being 3 days on site in Cardiff, but this could be flexible. However, it cannot be fully remote, nor can the company offer sponsorship.

• 28 days annual leave + bank holidays.
• Industry-leading training
• Employee Assistance Program - free 24/7 confidential helpline (domestic, financial, legal, health support etc)
• High street retail discount scheme

What you need to do now

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk