Trace Solutions is an employee-owned PropTech company specialising in property management solutions. Based in Clerkenwell, central London, we serve approximately 300 organisations with our established software products: TRAMPS, BlueBox, 06ix, Mojo, and Estateman. With 60 staff members, we are recognised as a leading innovator in the property technology sector, with growth in our web-based applications and integration capabilities.
At Trace Solutions, we prioritise the well-being of our employees as a cornerstone of our success. We believe that a healthy work-life balance leads to greater productivity and job satisfaction. To support this, we offer a hybrid working environment and a comprehensive benefits package. Our commitment to fostering a supportive and inclusive environment ensures that every team member can thrive both personally and professionally.
Role Summary
The Information Security Officer will lead the organisation's cybersecurity strategy and operations, protecting digital assets, data, and infrastructure. This position combines strategic security planning with hands-on implementation of security controls, threat monitoring, and incident response. The role ensures compliance with data protection regulations whilst maintaining robust protection against cyber threats.
Key Responsibilities
Information & Cybersecurity Management (75%)
Security Strategy & Governance
Develop, implement, and maintain comprehensive information security policies, standards, and procedures
Conduct regular security risk assessments and vulnerability analyses across IT systems and networks
Design and implement security controls aligned with industry frameworks (Cyber Essentials, ISO 27001)
Monitor and respond to emerging cyber threats and security vulnerabilities
Maintain and update the information security management system (ISMS)
Manage security budgets and provide cost-benefit analyses for security investments
Develop security metrics, KPIs, and management reporting dashboards
Threat Detection & Incident Response
Implement and monitor security information and event management (SIEM) systems
Lead incident response activities for security breaches and cyber attacks
Conduct forensic analysis and post-incident reviews
Coordinate with external security agencies and law enforcement when required
Maintain and test incident response and business continuity plans
Coordinate penetration testing and vulnerability assessments with external firms
Develop threat intelligence capabilities and threat hunting programmes
Infrastructure & Network Security
Oversee firewall configuration, intrusion detection/prevention systems, and endpoint protection
Manage identity and access management (IAM) systems and privileged access controls
Ensure secure configuration of cloud services and hybrid environments
Implement and maintain encryption standards for data at rest and in transit
Oversee security aspects of remote working technologies
Coordinate with DevOps teams to implement DevSecOps practices and secure CI/CD pipelines
Disaster Recovery & Business Continuity
Develop, implement, and maintain disaster recovery and business continuity plans
Conduct regular DR testing and establish recovery time and point objectives
Design and manage backup strategies for critical systems and data
Oversee disaster recovery site management and failover procedures
Data Protection & Compliance (20%)
Regulatory Compliance
Ensure compliance with GDPR, UK Data Protection Act 2018, and relevant industry regulations
Conduct Privacy Impact Assessments (PIAs) for new systems and processes
Maintain Records of Processing Activities (RoPA) and data inventory
Handle data subject access requests and data protection inquiries
Coordinate with external auditors and manage regulatory inspections
Ensure compliance with Cyber Essentials and other industry-specific standards
Data Governance & Third-Party Risk Management
Implement data classification and handling procedures
Monitor data retention and secure disposal practices
Oversee data loss prevention (DLP) technologies and policies
Conduct security due diligence for new vendors and service providers
Manage third-party risk assessments and ongoing vendor security monitoring
Maintain vendor risk registers and risk treatment plans
Physical Security Coordination (5%)
Monitor and maintain CCTV surveillance systems
Coordinate with facilities management on access control systems
Liaise with alarm monitoring companies and security contractors
Manage visitor access procedures and contractor security clearance
Ensure physical security measures complement cybersecurity controls
Cross-Functional Responsibilities
Security Awareness & Training
Develop and deliver cybersecurity awareness training programmes
Conduct phishing simulation exercises and security awareness campaigns
Provide security guidance to development teams and business units
Create security documentation and user guides
Business Development Support
Provide security expertise and documentation for tender processes
Respond to security-related questions from potential customers
Prepare security documentation and certifications for client proposals
Support pre-sales activities by demonstrating security capabilities
Stakeholder Management & Reporting
Manage relationships with cybersecurity vendors and service providers
Prepare regular security reports and metrics for senior management
Present security updates to board and executive committees
Coordinate security communications during incidents
Required Qualifications and Experience
Essential Requirements
Minimum 5 years' experience in cybersecurity, information security, or related field
Professional security certification (CISSP, CISM, CISA, or equivalent)
Understanding of network security, firewalls, and intrusion detection systems
Experience with security monitoring tools, SIEM platforms, and incident response
Knowledge of cloud security (AWS, Azure, or Google Cloud)
Understanding of data protection regulations (GDPR, UK DPA 2018)
Demonstrated experience in security risk assessment and management
Highly Desirable
Experience with security frameworks (Cyber Essentials, ISO 27001)
Knowledge of penetration testing and vulnerability assessment tools
Experience with DevSecOps and secure software development lifecycle
Knowledge of threat intelligence platforms and threat hunting methodologies
Experience with security architecture and design reviews
Background in compliance and regulatory audit management
Key Skills and Competencies
Technical Skills
Proficiency with security tools (firewalls, SIEM, IDS/IPS, endpoint protection)
Understanding of operating systems security (Windows, Linux, macOS)
Knowledge of network protocols, encryption, and PKI
Experience with cloud security controls and configurations
Database security and application security principles
Risk assessment and threat modelling methodologies
Analytical and Communication Skills
Strong problem-solving and analytical thinking abilities
Attention to detail and ability to identify security weaknesses
Capability to analyse complex security incidents and data
Excellent communication skills for technical and non-technical audiences
Ability to present to senior management and board-level stakeholders
Project management and vendor relationship management experience
Job Type: Full-time
Pay: 50,000.00-60,000.00 per year
Benefits:
Company pension
Cycle to work scheme
Flexitime
Free flu jabs
Gym membership
Life insurance
Referral programme
Sick pay
Work Location: Hybrid remote in London EC1V 0DU