Head of Information Security required for online retail business. The role will initially be focused on ISO 27001 & ISO 9001 recertifications.
Responsibilities
* Lead on information security strategy and implementation of security roadmap
* Develop security KPIs and track their progress
* Advise senior management on risk levels and any changes impacting security posture, including emerging threats
* Create, maintain, and implement information security policies
* Continuously validate the firm against its policies and procedures to ensure compliance with ISO 27001, ISO 9001, Cyber Essentials Plus, and GDPR
* Manage and continuously improve the firm's Information Security Management System (ISMS)
* Oversee the information security training and awareness program
* Lead on internal and external audits and track audit findings through to mitigation
* Identify and communicate emerging security threats with relevant stakeholders
* Provide security due diligence in procurement processes and oversee continuous supplier assurance
* Manage security incidents and coordinate incident response processes
* Select and implement GRC controls and assist in the selection and implementation of information security technologies
* Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle
* Develop new, or enhance current, security procedures to reduce or eliminate potential threats
* Ensure that cybersecurity requirements are embedded into new programmes of work
* Provide management and mentorship to security teams and supporting staff
* Create and then lead the Security Operations Centre (SOC), ensuring real-time monitoring and incident response
* Drive security awareness training and governance, risk, and compliance (GRC) initiatives.
* Create and present reports to senior stakeholders, highlighting threats, compliance gaps, and mitigation progress.
* Conduct risk assessments, maintain risk registers, and design risk treatment plans.
* Support oversight of vulnerability tooling & processes, assess risk and prioritise remediation.
* Lead internal/external audits (ISO 27001 and ISO 9001) and ensure compliance with regulations (GDPR).
* Support wider IT project requirements through management of defined gates, provision of guidance and assessment of controls.
As an ideal candidate, you will have a proven track record of bringing organisations through ISO 27001 & ISO 9001 certification. ISO 27001 Lead Implementer or Lead Auditor qualifications are essential.