Information Security Officer

Cavendish Maine Recruitment
£50,000 per annum
09 Sep 2017
23 Oct 2017
Contract Type: Full Time

Job Title: Information Security Officer

Location: Staffordshire

Salary: £50,000 - £55,000 + Excellent Benefits

Job Sector: Information Security and Risk Management

Job Function: Group Information Security Officer

Experience Level: Manager

Contract Type: Full Time, Permanent

Job Ref: AR/J19294

Nationwide Claims Management Solution Provider, who specialise in the handling of commercial claims across all classes of business, is recruiting for an Information Security Officer. This senior role will be based in Stoke on Trent and provide full UK support including Ireland.

The role will be responsible for the development and delivery of a comprehensive information security and privacy programme for the Group. The ISO will be required to provide support and advice to the business on all aspects of information risk including information security, data protection and privacy. In addition the role is to manage information security governance projects and initiatives and assist the business to define appropriate controls to manage risks associated with all information (including personal and business data). The scope of this is Group wide and includes information primarily in electronic format with a smaller percentage of manual data. The role will report to the Corporate Services Director.

Position Duties will be as follows:

  • Coordinate the development of the Group's information security policies, standards and procedures.
  • Work with key IT stakeholders and the Information Security and Business Continuity Group to develop such policies.
  • Ensure that policies support compliance with external requirements.

Education and Training:

  • Coordinate the development and delivery of an education and training programme on information security and privacy matters for employees and suppliers.

  • Serve as the Group's Information Security Officer with the Group's Clients.
  • Responsible for Group Data Protection.
  • Work with Clients at the tender stage and throughout the lifetime of the Client contract for information security changes and audits.
  • Oversee Data Subject Access requests.
  • Manage the Group's ISO27001 accreditation to ensure maintenance of, and compliance with, accreditation requirements.

Risk Management:

  • Manage and complete information risk and information security reviews, including due diligence of third parties.

Incident Response:

  • Develop and implement an Incident Reporting and Response System to address security incidents (breaches) and to respond to alleged policy violations or complaints from external parties.
  • Serve as the Group's official contact point for information security and privacy infringement incidents.

Official Contact:

  • Serve as the Group's designated representative on Information Security matters, including external and internal audits and client requests on security, data and privacy matters.

Business Continuity:

  • Input to the development, implementation and enhancement of the Business Continuity Framework.

Information Security and Business Continuity Group (IS&BC Group):

  • Manage the Group's IS&BC Group.

Maintain Knowledgebase:

  • Keep abreast of the latest security, data and privacy legislation and regulation, in particular ISO27001 and GDPR.

To be successful in the role, you will have relevant experience in an IT and IT Information Security role as well as extensive knowledge of Information Security and Cyber risk and control frameworks. You will also have practical experience of implementing risk management improvements or performing oversight. You will be an excellent communicator, both in writing and verbally, at all levels, and have a strong track record of building positive relationships at a senior level, providing constructive support and challenge to Directors.

  • Sound practical knowledge of Information Technology Standards including ISO27001, PCI accreditation,
  • Preferable but not essential to hold a recognised information security qualification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), ISO audit qualification or similar.
  • Experience of the Data Protection Act and the new GDPR.
  • 5 years' experience in a senior technical IT infrastructure role.
  • Experience in a similar Information Security role.
  • Driving licence essential.