Information Security Officer

Posted 1 day ago by Westcoast Limited

£57,000 Per year
England, United Kingdom

Summary: The Information Security Officer at Westcoast will report to the Director of Cyber Security, focusing on security consultancy and risk management to enhance compliance and risk posture. The role involves leading security engagements, managing ISMS frameworks, and supporting a security transformation program. The ideal candidate will possess strong technical skills and experience in GRC, with a commitment to continuous improvement in security practices. Regular travel to UK offices is required, along with the ability to pass security vetting.

Key Responsibilities:

  • Conduct security assessments and manage Westcoast's hosted and cloud infrastructure, networks, endpoints, and applications against threat models.
  • Develop testing and remediation plans, tracking their implementation with system owners.
  • Collaborate with the Technical Design Board to develop security architecture and patterns.
  • Steward information security risks and work with the Business Assurance team on reporting.
  • Focus on crown jewel systems to ensure risk posture and cyber resiliency.
  • Manage technical risks from Data Protection Impact Assessments.
  • Record and manage policy exceptions and risks on risk registers.
  • Maintain and audit Information Security Management System Policies and Procedures.
  • Operate a vendor risk management program, including surveillance of critical suppliers.
  • Engage in External Attack Surface reduction activities.
  • Create and maintain a security awareness program.
  • Provide management reporting and real-time dashboards for compliance assurance.
  • Execute the Security Improvement Plan related to security operations and engineering activities.
  • Provide end-to-end assurance of compliance with existing Information Security policies and standards as needed.

Key Skills:

  • Minimum of 3 years’ experience in a relevant full-time security position.
  • Security professional qualification such as CISSP, CISM, CCSP, CISA, ISO27001 Lead Implementor/Auditor, CEH, or equivalent.
  • Degree from NCSC-certified programs.
  • Knowledge of security frameworks like ISO27001, NIST, CIS Controls, and PCI-DSS compliance.
  • Understanding of HMG security standards (e.g., Security Policy Framework, Cyber Essentials Plus).
  • Experience managing security incidents and investigations, including APT threat actors.
  • Experience with enterprise-level IT and network teams, systems, and processes.
  • Familiarity with security products (e.g., firewalls, web filtering, anti-virus).
  • Knowledge of specialized security tools (e.g., Palo Alto, Tenable, Defender, Sentinel).
  • Cloud Computing experience from multiple vendors (O365, Azure, AWS, Google).
  • Able to prioritize risks and understand technical resolutions.
  • Inquisitive nature with a commitment to ongoing personal development in security knowledge.

Salary (Rate): £57,000.00 yearly

City: undetermined

Country: United Kingdom

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

At Westcoast, we take pride in distributing some of the most renowned global IT brands to resellers, retailers, and organizations across the UK and beyond. As an innovative and inclusive company, we thrive on teamwork and the diverse talents of our people. We invite you to turn your passion into a rewarding career with us!

The Job Role

Reporting to the Director of Cyber Security, you will work on security consultancy and risk activities with external and internal stakeholders, continually improving the risk posture and compliance. Additionally, you will support a security transformation program, playing an essential role in delivering initiatives. We are looking for someone who can shape change and has experience in GRC and project consultancy. Our ideal candidate will have a focus on improvement, a passion for security and strong technical skills. Experience in managing ISMS frameworks to ISO27001 and Cyber Essentials Plus standards is key to the role. As an experienced security consultant, you will lead on the security engagements, ensuring security risks and vulnerabilities are identified and remediated, and ensure continued security through audit and testing of deployed systems. You will be the subject matter expert on security controls in your realm of authority, authorizing changes as required. This will include maintaining the Information Security Management System policies and procedures. Using the security tooling and reporting, you will provide management reporting and meaningful metrics, working towards KPIs linked to the organization’s security improvement plan (SIP) and objectives. The role holds the responsibility for delivery of parts of the SIP as it applies to security compliance and consultancy functions. Lastly, the role will develop capabilities in line with continuous improvement and the threat landscape. Regular travel to UK-based offices is required in this role. You must be able to achieve Westcoast security vetting.

Your Day-to-Day Responsibilities Will Include

  • Security assessment and management of Westcoast hosted and cloud infrastructure, networks, endpoints, applications and data against threat models, including developing testing and remediation plans with tracking.
  • Working with system owners to drive the implementation of identity good practice and in particular single sign on and federated services.
  • Working with the Technical Design Board on developing security architecture and patterns.
  • Stewardship of information security risks working with the Business Assurance team on reporting.
  • Focusing on crown jewel systems ensuring risk posture and cyber resiliency needs.
  • Ensuring technical risks from Data Protection Impact Assessments are managed.
  • Ensure policy exceptions and risks are recorded and managed on risk registers.
  • Maintenance and audit of Information Security Management System Policies and Procedures.
  • Operating a vendor risk management program including surveillance of critical suppliers. This is to also include External Attack Surface reduction activities.
  • Creation and maintenance of a security awareness program.
  • Security reporting, providing management reporting and real-time dashboards to give the security team, business and management assurance of the compliance of projects and IT security controls.
  • Execution of the Security Improvement Plan as it applies to security operations and engineering activities.
  • Where requested on contracts - Provide end to end assurance of compliance with existing Information Security policies and standards (attend meetings with customers etc.).

Is this the role for you?

Skills

To be successful in this role you will have some of the following skills and experience and the desire to develop in other areas:

  • Minimum of 3 years’ experience in a relevant full time security position.
  • A security professional qualification such as CISSP, CISM, CCSP, CISA, ISO27001 Lead Implementor/Auditor, CEH or equivalent, or an equivalent recognized Information Security discipline.
  • Degree: NCSC-certified degrees - NCSC.GOV.UK.
  • Previous experience and knowledge of security frameworks i.e. ISO27001, NIST, CIS Controls and PCI-DSS compliance.
  • An understanding of HMG security standards (e.g. Security Policy Framework, Cyber Essentials Plus, Cloud security principles etc.).
  • Experience of managing security incidents and investigations, including APT threat actors.
  • Experience of working with enterprise level IT and network teams, systems and processes.
  • Experience of security products, e.g., firewalls, web filtering, anti-virus etc.
  • Some knowledge of specialized security tools would be highly desirable (e.g. Palo Alto, Tenable, Defender, Sentinel tools).
  • Cloud Computing experience from multiple vendors (O365, Azure, AWS, Google, etc.).
  • Able to prioritise risks and understand technical resolution in order to estimate time required to fix.
  • Works through and supervises tasks accurately, thoroughly and methodically.
  • Inquisitive by nature, committed to on-going personal development and increasing security knowledge and capability.

What’s in It for You?

This is a fantastic opportunity to immerse yourself in the IT industry, build lasting relationships, and grow with a Sunday Times Top Track 100 company.

Growth Opportunities: We offer training and development opportunities to help you reach your full potential. Whether it’s funded apprenticeships, work-based studies, or professional qualifications, we’ve got you covered.

Generous Benefits Package: Enjoy 25 days of holiday, employee referral bonuses, perks and discounts. (Theale only – New fully equipped gym available 24/7).

Wellbeing Support: Access to Westcoast Wellbeing services including mental health counselling, virtual GP services, physiotherapy, life insurance, eye care schemes, and more.

Community & Connection: Our teams enjoy social and charitable events throughout the year, fostering a strong sense of belonging.

What’s Next?

If you’re ready to join a company that values its people and rewards success, click apply to start the quick application process (5-6 mins). Please note: Due to the high volume of applications, we may not be able to provide individual feedback for every candidate. If you don’t hear from us within 14 working days, we’ve moved forward with other applicants for this role, but we encourage you to explore future opportunities with us.