Information security officer

Sutton Coldfield
Once For All
Posted: 13 August
Offer description

Once For All is a high-growth, cloud-based, SaaS subscription business. Our technology helps our customers to manage their supply chain governance, risk management and compliance. We work across the public and private sectors and have over 250k customers across the UK in 20 different sectors including construction, transport, retail, hospitality, education, facility and property management, manufacturing, local and central government.

Role Summary

The Information Security Officer is responsible for implementing, maintaining, and overseeing information security and cybersecurity policies, procedures, and controls to protect the organization's digital assets. They work closely with the CISO, Legal, Compliance, technical and business teams to ensure proactive protection against cyber threats, regulatory compliance, risk management and response to security incidents.

The role will build relationships with departments to ensure identification and continuous progression of security threats in our fast-paced SaaS technology business. This role blends operational security, threat intelligence, and user education to support a robust security posture across the organisation.

Job Responsibilities


* Develop, integrate, maintain, and establish information security policies, standards, and procedures or guidelines across the organisation.
* Development of new organizational processes within the organization.
* Ensure the organization's internal regulatory compliance.
* Monitor compliance with regulations such as ISO27001, NIST, NIS2, SOC2, ENS, or ANSSI.
* Maintenance of Information Security KPIs for the maintenance of existing certifications.
* Analysis and management of the authorization of HR, IT, TECH and business processes.
* Identify and manage potential risks and threats.
* Deliver Information Security and Cybersecurity project management.
* Monitor and manage digital access controls across cloud platforms, internal systems, and third-party tools.
* Assist in the detection, investigation, and response to security incidents, including unauthorized access, phishing attempts, and data anomalies.
* Collaborate with cybersecurity teams and other third parties to analyse threat intelligence feeds and proactively identify emerging risks.
* Participate in vulnerability assessments and support external/internal penetration testing efforts.
* Conduct regular audits of user permissions, authentication logs, and endpoint security compliance.
* Develop and deliver security awareness training programs for employees, including social engineering simulations and best practices.
* Maintain detailed records of incidents, access violations, and remediation actions.
* Perform risk assessments, policy reviews and development, and continuous improvement of security operations.

Cybersecurity Management:

* Supervise technological security measures including SIEM, DLP, IDS/IPS, Firewall, WAF, cryptological mechanisms, EDR
* Analyse security alerts and conduct technical incident investigations.
* Run and monitor vulnerability tests and periodic scans of key assets
* Collaborate on managing security patches and updates with Internal IT, CloudOps and Engineering teams
* Document technical findings and generate reports for IT, tech, security, and compliance teams.
* Automate security tasks using scripting.
* To choose and advise on the purchase of security and IT technology solutions that meet the regulatory criteria of European laws.

Crisis Management And Incident Response

* Coordinate response to cybersecurity incidents.
* Collaborate with business departments to identify key assets and build and test contingency plans to ensure they can be executed effectively.

Security Assessments and Risk Management:

* Carry out periodic risk assessments in the organization based on international methodologies.
* Identify vulnerabilities and implement security measures to mitigate risk.
* Conduct information security audits and monitor compliance with security standards, laws, and regulations.
* Collaborate with Internal Compliance team to undertake internal and external information security audits.

Support for Sales processes and suppliers:

* Review contract information security clauses and customer annexes.
* Management, governance and security approval of suppliers.
* Creation and Management of a security knowledge base to provide quick answers to Customer questionnaires and queries.

Training and awareness:

* Deliver Cyber Security employee training and awareness content
* Ensure the correct level of employee awareness by conducting continuous assessments.

Candidate Requirements

* Minimum of 3 years in a similar cybersecurity role.
* Experience of developing and implementing security policies and procedures to meet ISO and other standards.
* Experience in protecting confidential and sensitive information.
* Working knowledge of networks, operating systems, firewalls, proxies, EDR, SIEM, Cryptology and AI.
* Experience in crisis management and incident response.
* Up-to-date knowledge of emerging security trends and technologies.
* Ability to develop and integrate contingency plans.
* Experience in Cybersecurity risk assessment and management.
* Knowledge of security audits and supervision in accordance with European and International regulations.
* Proven experience of protecting SaaS environments.
* Proven skills in analysis and teamwork.
* Ability to speak English (C1) and French (B2).
* Ability to speak Spanish to C1 level desired.
* Ability to communicate clearly with technical and non-technical stakeholders at all levels of the business.
* Experience supporting SOC 2, NIS2, ISO 27001, or GDPR compliance programs.
* Knowledge of SaaS architecture and cloud platforms (e.g., AWS, Azure, GCP).
* Familiarity with penetration testing methodologies and remediation workflows.
* Passion for educating others and promoting a security-first culture.
* Discreet and ethical approach to handling sensitive information.
* Proactive mindset with a passion for continuous improvement in security practices.
* May require occasional out-of-hours availability to support incident response.

What We Offer

As well as a career in a fast-paced environment within an expanding business, we also offer the below benefits as standard:

* Wellness fund or Private Medical Insurance (dependent upon role)
* Pension
* Life Assurance x 3
* 25 days holiday plus 8 Bank Holidays
* Ongoing continual professional development (CPD)
* Holiday purchase Scheme up to 5 days
* 1 paid and 1 unpaid volunteering day
* 24/7 and 365 Days Employee Assistance Programme
* Team and company offsite events
* Headspace mindfulness and meditation app
* Specsavers eye care voucher
* Free tea, coffee and fruit every week (Basingstoke office)
