Cyber and Information Security Lead (CISO)
Location: Bath
Salary: Up to £75,000+ (negotiable depending on experience)
Working pattern: Hybrid, 3 days in the office.
We are seeking a highly experienced and knowledgeable Cyber and Information Security Lead to join a growing software company. The ideal candidate will be a conscientious and personable leader with commercial experience, preferably within the public sector. This role is perfect for someone who may already be operating at a CISO level in a smaller company or is looking to advance their career.
This is a key position where you will be responsible for developing and implementing a comprehensive security strategy and roadmap to support business objectives and future growth ambitions. You will play a crucial role in ensuring the delivery of our products and services meets the highest standards of compliance and regulation. The company has a flat management structure and a coaching culture, where team members collaborate and support one another. You will need to be able to integrate and provide value to the organisation, working collaboratively rather than simply dictating.
Key Responsibilities:
* Security Strategy: Design, implement, and maintain a comprehensive security strategy, roadmap, and policies.
* Compliance: Ensure the company's security posture meets the requirements of frameworks such as Cyber Essentials Plus and ISO 27001:2022.
* Risk Management: Lead the information security risk management programme, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations.
* Incident Response: Develop, implement, and manage the information security incident response plan.
* Leadership: Provide strong leadership to the governance, risk, and compliance team and mentor security staff.
Essential Skills and Experience:
* Extensive experience (10+ years) in a senior information security role.
* Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System (ISMS).
* Demonstrated expertise in developing, implementing, and managing information security risk management frameworks.
* Strong understanding of, and experience with, secure software development lifecycles (SDLC) and embedding security by design into product development processes.
* Excellent communication, influencing, and negotiation skills to articulate complex security concepts to both technical and non-technical stakeholders, including senior leadership, product teams, and external partners.
* Proven ability to lead, mentor, and develop a high-performing governance, risk, and compliance (GRC) team.
Desirable Skills and Experience:
* Experience with securing cloud-native applications and infrastructure (e.g., AWS, GCP).
* Relevant industry certifications such as CISSP, CISM, or ISO 27001 Lead Implementer/Auditor.
* Experience in conducting due diligence and ongoing monitoring of third-party security posture, specifically SaaS.
* Experience in leveraging threat intelligence to proactively identify and mitigate security risks.
Benefits:
* 25 days annual leave plus bank holidays (with the option to buy or sell annual leave after probation).
* Private health insurance.
* Life assurance.
* Pension (enhanced after successful completion of probation).
* Personal training and conference budget.
* Onsite gym, parking, and EV charging points.
Work Environment:
This is a full-time position for 37.5 hours per week, Monday to Friday, from 9 am to 5 pm. The company has a flexible 'place of work' policy that asks everyone to be where the work of the day is best completed.
To maintain relationships and communication, many people in similar roles find they work in the office three or more days a week, and you are expected to be flexible.
The role is based at our offices in Bath, and you will need to be within a commutable distance.