Job Summary
We are seeking an Information Security Specialist to join our team. This is a challenging role that requires strong technical expertise, excellent communication skills, and the ability to work collaboratively with various stakeholders.
The successful candidate will be responsible for managing security tasks such as risk management and security reviews of SaaS tools and new system implementations. They will also deliver Information Security Awareness training, establish a security-focused culture, and implement activities to promote this culture throughout the organization.
In addition, they will recommend and implement security improvements to existing processes and our SaaS tool stack. They will manage, update, and communicate security policies and documentation in line with ISO 27001 standards.
They will respond to day-to-day security questions and incidents from across the organization. They will support compliance initiatives and security audits, including SOC 2 Type II certification maintenance. They will conduct security risk assessments for new business requirements and system changes.
They will work closely with IT teams, TPRM, and Legal departments to ensure safety and compliance.
Key Responsibilities
* Manage security tasks such as risk management and security reviews of SaaS tools and new system implementations.
* Deliver Information Security Awareness training and establish a security-focused culture.
* Recommend and implement security improvements to existing processes and our SaaS tool stack.
* Manage, update, and communicate security policies and documentation in line with ISO 27001 standards.
* Respond to day-to-day security questions and incidents from across the organization.
* Support compliance initiatives and security audits, including SOC 2 Type II certification maintenance.
* Conduct security risk assessments for new business requirements and system changes.
Requirements
1. Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field, or equivalent practical experience.
2. 2-3 years of professional experience in Information Security.
3. Experience with SOC 2 Type II or ISO 27001 audits and compliance frameworks.
4. Strong understanding of security best practices including encryption, access controls, and network security.
5. Knowledge of cloud security principles, preferably AWS.
6. Experience with security tools and technologies such as vulnerability scanning, GRC, SIEM, and monitoring platforms.
7. Understanding of risk management frameworks and security assessment methodologies.
8. Familiarity with regulatory requirements including GDPR, Data Protection Act 2018, and PCI-DSS.
9. Strong problem-solving skills and attention to detail.
10. Excellent communication abilities and proven track record of successful team collaboration.