Salary: £55,600 - 60,000 per year
Requirements:
* Significant proven experience in information security and compliance management.
* Familiarity with ITIL practices and risk management methodologies.
* Significant proven experience with cyber security incident management and response.
* Strong knowledge of security standards and regulations, such as GDPR, PCI-DSS, and ISO27001.
* Experience of delivering data protection, specifically data loss prevention, sensitivity labeling, and retention (using Microsoft Purview).
* Experience of managing projects through to completion.
* Certified in one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC).
Responsibilities:
* I will take responsibility for our information and data protection policies, practices, and settings, including sensitivity labels, data retention policies, and data loss protection policies.
* I will collaborate with the Head of Risk, DPO, and VCISO to identify and manage information security risks and mitigating controls.
* I will lead the wider business areas to ensure security policies and procedures are embedded in all business processes.
* I will take an active role in the containment and reporting of information security incidents, including detection, response, remediation, and communication.
* I will lead on the design and implementation of robust processes for reviewing and addressing the data security posture of third-party suppliers.
* I will manage relationships with vendors and service providers to assess compliance with security and data protection policies and standards.
* I will take the lead on the review process for information security policies, working to agreed review schedules, and ensure all policies are published and made available to all staff and volunteers to increase awareness.
* I will develop policies and procedures in accordance with industry regulations and standards such as the Data Protection Act 2018, PCI-DSS, and ISO27001.
* I will monitor tools for data governance, data security, and compliance to manage information security risks and regulatory requirements and detect and investigate possible information security incidents.
Technologies:
* Embedded
* Support
* ITIL
* Security
More:
We are currently seeking a Head of Information Security and Compliance to join our ambitious, focused, and dynamic team. We are passionate about how technology can enable our staff to deliver incredible support to the armed forces community. As a key player in our organization, you will be instrumental in developing, implementing, and maintaining security policies, procedures, and controls to protect our data and systems. You will play a pivotal role in managing and containing security incidents while ensuring continuous improvement in our security posture and raising awareness among our staff, volunteers, and member communities. Your expertise will help us assess, report, and mitigate risks associated with third parties, focusing on protecting the confidentiality, integrity, and availability of our information assets.
Last updated in week 2 of 2026