Information Security Officer & Data Protection Officer

Information Security Manager and Data Protection Officer

Witney (Hybrid Working) – Up to £65,000 per annum

Job Purpose

We are seeking an experienced Information Security Manager to oversee and manage our Information Security Management System (ISMS). Reporting to the ISMS sponsors, you will drive continuous improvement, ensuring ongoing compliance and readiness for surveillance audits and recertification. This is a pivotal role combining governance, architecture, risk management, and stakeholder engagement, with the opportunity to shape and influence the organisation’s security posture.

Key Areas of Responsibility

• Manage and operate the ISMS framework, including developing and maintaining information security policies, standards, and procedures
• Advise management and project teams to ensure security standards and procedures align with organisational policies
• Ensure all employees are aware of their responsibilities regarding information security
• Develop and deliver information security training, education, and awareness programmes
• Design and maintain current and future state security architectures
• Support application and platform design to ensure compliance with cybersecurity best practices
• Develop IT control procedures and contribute to the evolution of security policies
• Create frameworks to support engineering teams in delivering secure solutions
• Act as the incident owner and decision-maker for cybersecurity incidents, leading response and escalation activities
• Define security requirements for new applications, systems, and services
• Monitor the external threat landscape and advise on emerging risks and mitigation strategies
• Manage relationships with cybersecurity partners and industry bodies to enhance organisational capability

Additional Responsibilities

• Act as an internal subject matter expert, supporting customer and prospect queries, including completion of security questionnaires
• Conduct security and risk assessments across systems and services
• Perform internal audits and continuously review the effectiveness of policies and controls
• Prepare reports for the Audit & Risk Management Committee (including ISMS risks, audits, and incidents)
• Ensure compliance with information security and data privacy policies
• Undertake Data Protection Officer (DPO) responsibilities, including policy maintenance, compliance, and training

Skills & Knowledge

• Strong technical and architectural understanding of IT security, including networks, operating systems, firewalls, VPNs, databases, cryptography, IDS/IPS, and access management
• Knowledge of penetration testing methodologies
• Familiarity with information security frameworks such as ISO 27001 and PCI DSS
• Experience working with AWS and/or Microsoft Azure cloud environments
• Up-to-date knowledge of security best practices for cloud and modern architectures

Experience Required

• Proven commercial experience in information security and cybersecurity strategy
• Demonstrable experience developing, implementing, and maintaining security policies and procedures
• Track record of delivering training and embedding security practices across organisations

What’s on Offer

• Salary up to £65,000
• Hybrid working model (Witney-based with flexibility)
• Opportunity to lead and shape security strategy
• Exposure to a broad range of technologies and business stakeholders
• Collaborative and forward-thinking environment

#J-18808-Ljbffr…