Information Security Officer

455
Nationwide
Permanent
Competitive Salary and excellent benefits package
Sorry, this advert is now closed.

 

Why choose us?

Choosing to work for SMS means choosing to make a difference. We are changing how businesses and consumers use energy for the better, helping achieve a greener, sustainable, and more affordable energy system for everyone. Through our range of innovative energy solutions, we are delivering the future of smart energy – working closely with private and public sector partners we are playing a critical role in transforming and decarbonising the UK economy by 2050. 

 

What's in it for you?

  • 25 personal holiday days per year (with additional 8 public holidays) increasing to 30 personal days after 5 years of service (includes options to buy and sell)
  • Hybrid working options.
  • Enhanced Maternity and Adoption leave.
  • 24/7 free and confidential employee assistance service.
  • Medicash health plan offering a wide variety of benefits, from cashback on everyday healthcare treatments such as optical, dental and physio, to discounted gym memberships and a free 24/7 online GP.
  • Share Incentive Plan.
  • Life Insurance (4 x annual salary)
  • Pension matching scheme (up to 5% of salary)
  • Developing our people is important to us - we support and encourage development by offering internal and external accredited courses, secondments and study support.

 

 


 

 

What's the role?

As an Information Security Officer, you will work as part of a wider Information Security team, handling the day-to-day administration of internal infosec, the ISMS and audits, including implementation of and adherence to Information Security standards including ISO27001, Cyber Essentials Plus and NIST CSF, as well as compliance with GDPR regulations and reporting on the implementation of technical controls as needed.

You will be the main point of contact for responding to customer and supplier audits, tracking the results, and ensuring any remedial actions are carried out as well as generating management information for various steering level groups. Furthermore, you will be involved in other consulting works as part of the wider InfoSec and IT teams.

You will report into the Head of Information Security. The scope will cover the SMS PLC group and its subsidiaries, carrying out the key responsibilities specified below. Building relationships with both internal and external stakeholders is key to delivering against the key metrics within the information security team.

In summary, the role is about collaborating with others to enhance the maturity of the organisation's IT & Information Security function, enabling the business to operate securely and efficiently without compromising productivity. A successful candidate will be able to work independently and within a group dynamic to deliver against key goals set out in the SecOps roadmap.

Work Schedule - Hybrid working, Monday to Friday 8:45 to 17:00. At times you may be required to travel to sites across the UK to perform onsite security audits, facilitating both internal and external parties.

 

Key responsibilities:

  • ISO27001 and SMETS 2 audits and evidence collation, and conducting internal assessments against ISO 27001
  • Managing the Information Security Management System, including writing policies, standards or procedures and supplying guidance to business stakeholders on Information Security/GDPR/data privacy concerns. Report generation across Information Security areas of responsibility
  • Managing the external audit request process
  • Driving maturity against information security standards including ISO27001 and NIST Cyber Security Framework (CSF).
  • Maintaining the IT Risk Register by carrying out regular risk assessments across the group.
  • Data Governance response tasks and data cleansing
  • Third party supplier management, RFCs, due diligence

 

To be considered for this role, we would love you to have:

  • ISO27001 Lead Auditor/Implementer Certification - Essential
  • Experience of ISO27001 implementation and Auditing - Essential
  • Certified Information Systems Auditor (CISA) (or equivalent) 
  • A degree in Information Technology/Computer Information Systems (or equivalent)
  • Experience of Cyber Essentials Plus
  • Clear understanding of IT audit methodologies.
  • Experience within an Information Security role, with extensive experience on Information Security processes and regulations
  • Experience of managing/ implementing IT Risk Management frameworks
  • Ability to work under pressure in a fast-paced and developing environment.
  • Strong attention to detail with an analytical mind and outstanding problem-solving skills.
  • Broad awareness of and interest in Information Security trends.
  • Software Application and Cloud Security principles and practice
  • General and broad IT knowledge across Infrastructure, Development and Service Management 
  • Previous working experience within an information security governance risk and compliance role

 

 
