Information Security
* Maintain and improve the ISMS.
* Review and update ISMS policies, procedures, standards, and guidance.
* Coordinate internal ISMS reviews and audits.
* Facilitate supplier onboarding and conduct annual security assessments.
* Develop and deliver security awareness initiatives.
* Monitor security alerts and incidents, escalating when necessary.
* Prepare reports on security incidents, risks, and vulnerabilities.
* Schedule penetration tests and vulnerability scans, supporting remediation efforts.
Technology
* Analyze external vulnerability bulletins and coordinate remediation.
* Assist in evaluating cybersecurity tools.
* Use third‑party assessment platforms for risk and compliance.
* Operate and improve the online ISMS platform.
Project Delivery
* Support the Senior Information Security Analyst with projects.
* Participate actively in project teams to implement security initiatives.
Framework Management & Monitoring
* Monitor and maintain evidence of control effectiveness.
* Support audits by coordinating evidence collection.
* Evaluate controls and document nonconformities.
* Respond to audit findings, ensuring timely remediation.
Stakeholder Engagement
* Build relationships with internal and external stakeholders to support security objectives.
* Collaborate with IT teams to prioritize and track remediation of vulnerabilities.
Communication and Reporting
* Produce clear reports on security activities and projects.
* Document and report incidents with root cause analysis.
* Generate ISMS reports using defined metrics for governance.
* Communicate risks effectively, tailored to the audience's technical level.
Insight and Continuous Improvement
* Support ongoing ISMS review and enhancement.
* Research and recommend new security tools and practices.
* Keep colleagues and managers informed of security issues and implications.
Risk and Compliance
* Assist in targeted information security risk assessments.
* Participate in risk meetings and prepare reports.
* Report risks, incidents, and breaches in line with policies.
* Documentation & Attention to Detail: Ability to translate technical information into business‑relevant language with strong accuracy.
* Communication: Excellent verbal and written skills for technical and non‑technical audiences.
* Teamwork: Collaborative and professional in building strong working relationships.
* Time Management: Effective multitasking and independent work with minimal supervision.
* Influencing & Negotiating: Builds trust and uses interpersonal skills to influence and build consensus.
* Problem Solving: Applies initiative and critical thinking with adaptability and curiosity.
Key Expertise
* Understanding of information security principles, frameworks (e.g., ISO/IEC 27001), and risk management.
* Familiarity with ISMS operations.
* Experience with third‑party security assessment platforms and GRC tools is desirable.
* Exposure to vulnerability management and audit involvement is advantageous.
* Relevant education or professional qualifications in risk, compliance, or information security.
Key Information, Benefits and Remuneration
* Hybrid working model with a minimum of two days per week at the Reigate, Surrey office.
* Salary range between £40,000 and £45,000 depending on experience.
* Eligibility for an annual bonus of up to 15%.
* 25 days holiday plus bank holidays, with flexible holiday options and additional leave after five years.
* Company pension with generous contributions.
* Voluntary benefits allowance of £500 per annum.
* Family support benefits including death in service and income protection.
* Discounted voluntary healthcare benefits and company‑sponsored private medical insurance after one year.
* Employee car scheme.
* Employee assistance program.
* Enhanced family‑friendly policies and flexible working opportunities.