Job description
Information Security & Compliance Officer
£33K to £45K plus LWA of £6, to £8, (only applicable in London)
Onsite/Hybrid working - London or Glasgow based
Permanent opportunity
My client are a leading Charity organisation who is seeking an experienced Information Security and Compliance Officer to join their IT team. This critical role will be responsible for maintaining information security policies and controls, conducting security reviews, and ensuring the protection of all information security assets.
Key Responsibilities:
Work closely with the Head of IT and Data Protection Officer to provide security guidance for IT and departmental projects.
Design and implement security standards, policies, guidelines, and architectural principles to meet the organisation's cyber security goals.
Develop and implement data loss prevention (DLP) policies, data retention, classification, and archiving processes.
Support the Data Protection Officer with data breach incidents and subject access request tasks.
Audit external platforms and ensure they meet the organisation's security standards.
Be part of the Cyber Security Incident Response team and respond to security inquiries.
Promote cyber security awareness through training and internal phishing campaigns.
Perform security and user permissions audits, organise penetration testing, and ensure corrective actions are taken.
Monitor core platforms, network infrastructure, and systems for unusual activity and insider threats.
Qualifications and Experience:
Degree-level education.
Certified in CISSP or CISM, or working towards certification.
Strong understanding of IT networking, firewalls, protocols, and access management concepts.
Broad knowledge of various IT systems, including cloud computing platforms (Microsoft and Azure), with a deep understanding of associated security risks.
Experience working with and deploying SIEM and CASB systems, intrusion detection/prevention, and Microsoft conditional access policies.
Familiarity with information security principles and best practices (e.g., ISO, ISF Standards of Good Practice for Information Security).
Understanding of and practical experience with GDPR, Freedom of Information Act, and related legislation.
Ability to present security topics to non-technical audiences and communicate business and technical risks effectively.
Self-motivated and proactive approach.
Morgan Hunt is a multi-award-winning recruitment business for interim, contract and temporary recruitment and acts as an Employment Agency in relation to permanent vacancies. Morgan Hunt is an equal opportunities employer. Job suitability is assessed on merit in accordance with the individual's skills, qualifications and abilities to perform the relevant duties required in a particular role.
