Overview
Monday – Friday (37.5 hours per week - hybrid).
Benefits
* 25 days holiday (rising to 28 after 3 years’ service) plus bank holidays.
* Private Medical - via vitality, with reward schemes paid for you and your family.
* Health cash plan - via Simply Health for employees and children.
* Pension – Oodle will contribute 5% of your salary into your pension pot.
* Free breakfast, drinks and fruit in the office.
* Employee discounts for major shops.
* 1 day volunteer day per year.
* Mental health care – 6 free counselling sessions via our EAP.
* Paid sick leave – enhanced company sick pay.
* Enhanced family leave – enhanced leave for primary and secondary caregivers.
What you’ll be getting up to
* Maintain and operate the Cyber Risk Register, ensuring timely tracking and treatment of issues. Provide reporting for key governance committees.
* Deliver the Information Risk Assessment Programme, engaging business and technical stakeholders to assess and manage cyber threats and risks.
* Deliver Supplier Risk Assessments, working with procurement and business teams to assess and monitor third-party risk through the supplier life-cycle.
* Facilitate and document Security Risk Exceptions.
* Cyber Training and Awareness: Contribute to the design and rollout of security awareness content and phishing simulation programmes to embed a strong cyber culture.
* Security Policy Framework: Support ongoing development, maintenance, and communication of the organisation’s Security Policy framework, reviewing and updating policies and procedures.
* Cyber Security & Resilience Compliance: Coordinate compliance efforts across standards such as PCI-DSS, audits, user access reviews, and FCA operational resilience requirements. Work with stakeholders to manage remediation actions and audit responses.
* Support Cyber Incident Management: Act as a supporting resource in cyber incident response activities, logging, tracking and learning from incidents and near misses.
Qualifications
* A minimum of two years' experience in a cyber risk / information security role.
* Working knowledge of cyber risk frameworks (e.g. ISO 27001, NIST CSF).
* Experience maintaining risk registers and conducting information risk assessments, including supplier risk assessments.
* Understanding of regulatory and compliance requirements (e.g. PCI-DSS).
* Excellent communication skills, with the ability to articulate technical and risk concepts to diverse stakeholders.
* Proactive and structured approach to managing tasks and stakeholders.
* Collaborative mindset to strengthen the organisation’s security posture, in line with business objectives.
* Certified qualifications such as CRISC, CISMP, CISM, CISSP, ISO 27001 Lead Implementer, or equivalent.
* Experience with GRC tools (e.g. OneTrust, Archer, Protecht).
* Awareness of cloud platforms and SaaS (e.g. Microsoft Azure, M365, AWS) and associated security risks.
* Understanding of SYSC15 Operational Resilience (FCA Handbook).
* Exposure to incident management or data breach support.
Our values
* Embrace being human
* Strive for awesome
* Everyone’s a builder
* Bravely honest
* Think customer
Oodle is proud to be an inclusive workplace and recognises diversity of experience, thoughts and backgrounds leads to better outcomes. We have DEI networks to support our culture.
#J-18808-Ljbffr