Overview
Technology, Defence and National Security Recruiter | Building Brighter Futures, Together
Cyber and Information Security Lead (CISO)
Location: Bath
Salary: Up to £75,000+ (negotiable depending on experience)
Working pattern: Hybrid, 3 days in the office.
We are seeking a highly experienced and knowledgeable Cyber and Information Security Lead to join a growing software company. The ideal candidate will be a conscientious and personable leader with commercial experience, preferably within the public sector. This role is suitable for someone who may already be operating at a CISO level in a smaller company or is looking to advance their career.
This is a key position in which you will be responsible for developing and implementing a comprehensive security strategy and roadmap to support business objectives and future growth. You will play a crucial role in ensuring that the delivery of our products and services meets the highest standards of compliance and regulation. The company has a flat management structure and a coaching culture, where team members collaborate and support one another. You will need to integrate with and provide value to the organisation, working collaboratively rather than simply dictating.
Key Responsibilities
* Security Strategy: Design, implement, and maintain a comprehensive security strategy, roadmap, and policies.
* Compliance: Ensure the company's security posture meets the requirements of frameworks such as Cyber Essentials Plus and ISO27001:2022.
* Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations.
* Incident Response: Develop, implement, and manage the information security incident response plan.
* Leadership: Provide strong leadership to the governance, risk, and compliance team and mentor security staff.
Essential Skills and Experience
* Extensive experience (10+ years) in a senior information security role.
* Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System (ISMS).
* Demonstrated expertise in developing, implementing, and managing information security risk management frameworks.
* Strong understanding and experience of secure software development lifecycles (SDLC) and embedding security by design into product development processes.
* Excellent communication, influencing, and negotiation skills to articulate complex security concepts to both technical and non-technical stakeholders, including senior leadership, product teams, and external partners.
* Proven ability to lead, mentor, and develop a high-performing governance, risk, and compliance (GRC) team.
Desirable Skills and Experience
* Experience with securing cloud-native applications and infrastructure (e.g., AWS, GCP).
* Relevant industry certifications such as CISSP, CISM, or ISO 27001 Lead Implementer/Auditor.
* Experience in conducting due diligence and ongoing monitoring of third-party security posture, specifically SaaS.
* Experience in leveraging threat intelligence to proactively identify and mitigate security risks.
Benefits
* 25 days annual leave plus bank holidays (with the option to buy or sell annual leave after probation).
* Private health insurance.
* Life assurance.
* Pension (enhanced after successful completion of probation).
* Personal training and conference budget.
* Onsite gym, parking, and EV charging points.
Employment Details
* Full-time position for 37.5 hours per week, Monday to Friday, from 9 am to 5 pm.
* Flexible place of work policy; active in-office presence is common, with some roles requiring three or more days per week in the office.
* Based at offices in Bath; commutable distance required.