Location: London/Leicester/Essex
Hybrid: 2-3 days in office
Our client is financial service company. They are looking for a passionate and detail-oriented Information & Cyber Security Executive to join the teams.
The role encompasses all aspects of information security including organisational security and governance, people security, physical (site) security and technical security controls. The role will assess evolving technologies and threats and communicate the risks.
They offer salary up to £80k base + £5k car allowance and other benefits.
What You'll Do
* Assess compliance with internal security policies and industry standards (eg, ISO/IEC 27001/2, PCI-DSS).
* Conduct supplier risk assessments and third-party due diligence.
* Support vulnerability assessments, incident investigations, and operational resilience activities.
* Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA).
* Assist with security certifications and regulatory frameworks including GDPR.
* Translate technical risks into clear, business-friendly advice.
* Stay on-call during scheduled weeks for incident support and response.
Requirements
Essential
* Cyber Security Concepts - Demonstrates an understanding of cyber security concepts and ability to effectively translate and accurately communicate security and risk implications across technical and non-technical stakeholders so that they are understood and applied.
* Threat landscape - Knowledge and understanding of the threat landscape relating to information governance, privacy and security.
* Analytical thinking - Ability to break down complex problems to derive the root cause and mitigating actions.
* Risk management - Methods and techniques for the assessment and management of business risk including safety-related risk.
* Attention to detail - Completes all aspects of a task. Checks all work thoroughly and corrects any mistakes promptly. Establishes realistic deadlines and then sticks to them.
* Delivers business results - Ensures that own aims are aligned with business plans. Redirects own time and resources to ensure aims are met.
* Using information effectively - able to develop insights and conclusions following risk events
Desirable
* Knowledge of cloud security particularly Microsoft Azure (E5) including defender for endpoint, sentinel, and purview.
* A knowledge of ITIL including incident management and problem management including root cause analysis.
* A knowledge of the data protection act (UK GDPR) and how it applies to information and cyber security
* A knowledge of card payment system security as defined in PCI-DSS V4.0
Qualifications
* A security certification such as CISM, CISMP, CISSP or equivalent would be desirable.
* A relevant IT or security-based degree or equivalent practical experience.