
Information Security & Compliance Officer

Location: South East (Hastings, East Sussex)
Salary Details: £25,000 - £35,000 plus excellent benefits
Posted: 08 Oct 2019

Job Description

This is a great time to join the UK's leading teleradiology company and drive forward its strategic security & compliance programme. Our client is a high-growth PLC with an exciting future, and has a rare opportunity to join its Information Security & Risk team, based in its office in Hastings, East Sussex.

Joining an established team and reporting to the Head of Information Security & Risk, you will have the opportunity to play a key part in developing, managing & maintaining information security and quality management systems (ISMS & QMS) whilst helping to deliver the wider strategic programme. This role offers a wide variety of work:

  • Administer and maintain their management systems (certified to ISO 27001 & ISO 9001).
  • Plan, prepare and undertake internal audit activities and produce high-quality audit reports.
  • Produce & maintain high-quality policy, process and procedure documents.
  • Assist the business to create & supervise remedial action plans to reduce or mitigate risk.
  • Assist with their annual submission of the NHS Data Security & Protection Toolkit and their Cyber Essentials certification.
  • Assist with their data protection programme, including maintaining records of processing.
  • Develop and maintain relationships with business peers to embed and encourage a positive culture for information security & data protection.
  • Support the team with other information security, data protection, risk and compliance related activities when required.
  • Deputise for the Head of Information Security & Risk when required.

Benefits of working for this client:

  • Annual performance related bonus scheme.
  • Access to a private pension with company contributions.
  • Group life assurance scheme.
  • Opportunity to acquire company shares through the ShareSave scheme.
  • Career progression and ongoing personal development.
  • An engaged & supportive management team.
  • Company funded staff social events.

Ideally you will have SOME of the following experience & skills:

  • A degree qualification in Information Security, Cyber Security, Risk Management, Quality Management or other relevant subject.
  • A good understanding of best practice in the fields of information security and/or data protection, in particular ISO 27001, GDPR and the principles of risk assessment.
  • Able to communicate ideas or concepts as appropriate to the audience.
  • The ability to review documents and publications and summarise the key points relating to the business and/or department.
  • Confidence to communicate with people at all levels in person or over the phone.
  • Experience of carrying out security risk assessments or data protection impact assessments (DPIAs).
  • Excellent time management skills to self-manage and successfully see through multiple tasks or projects within agreed timescales.
  • A willingness & keenness to self-develop and learn, in particular about the wider information security & data protection domains.
  • The ability to embrace and encourage change.
  • Experience of managing an information security and/or quality management system.

Any of the following would be desirable but is NOT essential:

  • Experience of completing data protection impact assessments.
  • Experience of completing security assurance questionnaires.
  • Internal audit & report writing experience.
  • Experience of dealing with external auditors.
  • Experience of working within a regulated industry.
  • Experience of delivering security or data protection awareness training.
  • A technical understanding of computer systems, networks, protocols and security standards.
  • Experience or an understanding of applying security frameworks (e.g. ISO 27001, NIST or CIS).
  • Experience or an understanding of vulnerability management and penetration testing.
  • Experience or an understanding of the Quality Standard for Imaging (formerly ISAS).
  • An understanding of the healthcare industry (NHS).

We will also consider candidates who can demonstrate transferable strengths or skills that can be effectively applied to this position.