Job Description

Information Security Officer

About Us

At Charis we work in partnership with our clients to improve the lives of vulnerable people by applying compassion, creativity and care to the safe delivery of financial support, products and services.

We are a vibrant business with a talented team who are dedicated to the work that we do.

We are based in Peterborough and have a fabulous new office where we collaborate, innovate and share ideas.

We want people who work with Charis to grow, innovate, excel, and learn. We have tech people, creative people and people-people, all focused on providing a superior client experience.

We value, support and champion those we work with, promoting personal growth and happiness. We get that our success is dependent on the collective energy, intelligence and contributions of all our people, and we are committed to ensuring our work environment is the best it can be.

Main Purpose of the Job

To play a crucial role in safeguarding our processes, systems, and data. To be responsible for developing and implementing risk management strategies, ensuring compliance with industry standards, and protecting the company from cyber threats.

Main Responsibilities

Risk Management and Governance

Develop, implement, and maintain the information security strategy and policies to comply with applicable laws and regulations. Evaluate risks associated with third-party vendors (such as cloud service providers or software suppliers). Implement due diligence processes to assess vendor security practices and contractual obligations. Stay informed about industry standards, legal regulations, and compliance frameworks (such as GDPR, CE+, and ISO 27001). Ensure our software development practices, and third-party vendors, adhere to these standards. Manage external audits, including ISO and CE+, conducting internal audits as needed to support compliance. Regularly maintain and review the IT Risk Register, developing strategies to reduce and mitigate known risks. Work with the Data Protection Officer and lead on all Data Protection topics including governance, strategy and incidents.

Security Monitoring and Incident Response

Define an appropriate target security posture, considering risks, threats, and vulnerabilities. Lead the efforts to monitor our computer networks for security issues. Collaborate with our third-party support provider to detect security events such as failed login attempts, malware infections, or unusual network traffic patterns. Stay informed about emerging threats, attack techniques, and vulnerabilities. Leverage threat intelligence feeds and collaborate with external partners.

Vulnerability Management and Mitigation

Co-ordinate yearly Penetration Tests on our Web Shop platform. Ensure a regular patching schedule is in place for our workstations and servers, with minimal disruption to our userbase. Provide training and education on cyber security topics to employees. Identify system vulnerabilities and develop strategies to mitigate them.

Strategic Planning and Roadmap Development

Develop and maintain a comprehensive information security strategy aligned with the business' overall goals. The strategy will outline the medium- to long-term vision for security. Create a security roadmap that charts the path toward achieving strategic security objectives. The roadmap will include milestones, initiatives, and resource allocation. Ensure that security initiatives directly support business objectives, digital transformation, and growth.

Knowledge, Experience and Competencies

Degree in Computer Science, Information Technology or Information Security, or qualified by experience. Professional qualification, or working towards CISSP, CISM, CRISC or equivalent 5+ years' experience in an information security role, with proven experience in governance, risk management or audit functions. Pro-active, results-driven individual with high levels of energy, flexibility, and commitment to deliver the business and functional objectives at pace. Demonstrable ability to multi-task to deliver according to identified business priorities. Excellent track record of embracing change and innovating to improve processes and ways of working. Demonstrable ability to learn new technology for the benefit of the business. An effective communicator and influencer with excellent written and verbal presentation skills. Demonstrable attention to detail. Strong collaboration skills. Ability to build relationships with business stakeholders.
You will be joining at a very exciting time - with continued investment and expansion driving growth. What are you waiting for? Apply today.

Unfortunately we cannot sponsor visa applications now or in the future. You must have the right to work in the UK.

Job Types: Full-time, Permanent

Pay: 40,000.00-50,000.00 per year

Benefits:

Additional leave Canteen Casual dress Company pension Cycle to work scheme Discounted or free food Employee discount Free parking Life insurance On-site gym On-site parking Paid volunteer time Referral programme
Application question(s):

Do you live within 30 miles of Peterborough? Will you require our support to obtain a visa, either now or in the future?
Education:

Diploma of Higher Education (required)
Experience:

information security: 5 years (required)
Language:

English fluently (required)
Work authorisation:

United Kingdom (required)
Work Location: In person