Security Engineer

Knutsford, ENG, GB, United Kingdom

Job Description

All candidates must have full right to work in the UK.

All candidates must be able to drive, as it is a rural location.

Office based - 40 hours per week

Position Overview:



The Security Engineer is a key role responsible for overseeing and managing the security functions within an organisation. This role plays a critical part in ensuring the protection of company assets, data, and systems, as well as maintaining compliance with relevant standards. The Security Engineer collaborates with cross-functional teams to develop, implement, and maintain security policies and procedures while promoting a culture of security awareness and best practices.

Key Responsibilities:




1. Security Strategy, Planning and Reporting:



  • Develop and implement a comprehensive security strategy aligned with business objectives.
  • Assess risks, vulnerabilities, and potential threats to information systems and assets.
  • Maintain and define security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of data.
  • Track key security KPIs for executive reporting.
  • Prepare monthly security status reports and risk posture updates for the COO and leadership team.
  • Collaborate with stakeholders to establish security requirements and ensure their integration into system designs and processes.

2. Security Operations:



  • Run the day-to-day (BAU) operations of the security function, ensuring consistent execution of routine tasks such as access reviews, patching oversight, monitoring alerts, and maintaining security logs.
  • Oversee the implementation and management of security controls, including firewalls, intrusion detection systems, access controls, and encryption mechanisms.
  • Establish incident response procedures and lead investigations in the event of security incidents or breaches.
  • Drive improvements to the centralized monitoring system for insider threats, anomalous behaviours, and access violations.
  • Manage Privileged Access Management (PAM) and Privileged Identity Management (PIM) controls, including ongoing monitoring and exception handling.
  • Stay up to date with emerging threats and vulnerabilities and proactively address potential risks.
  • Conduct security awareness training and education programs for employees.

3. Collaboration and Stakeholder Management:



  • Collaborate with cross-functional teams, including Risk & compliance, IT, legal, human resources, and operations, to ensure security and compliance requirements are met.
  • Engage with industry groups to maintain awareness of best practices and emerging trends.
  • Provide guidance and recommendations to management and employees on security-related matters.
  • Foster a culture of security awareness and accountability throughout the organisation.

Qualifications & Experience



  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field. Master's degree or relevant postgraduate qualifications are a plus.
  • 5+ years of progressive experience in information security, risk management, or compliance roles, ideally within regulated or cloud-first environments.
  • Working knowledge of information security management systems (ISMS), particularly ISO/IEC 27001 and SOC 2 Type 2.
  • Hands-on experience preparing for and supporting SOC 2 Type 2 audits, including control implementation, evidence collection, and auditor coordination.
  • Demonstrated expertise in implementing and managing security controls across cloud and on-premises environments.
  • Solid understanding of data protection regulations (e.g., GDPR, HIPAA) and how to operationalize compliance within modern SaaS businesses.
  • Proven track record in incident response planning, investigation, and mitigation.
  • Familiarity with security frameworks such as NIST CSF, CIS Controls, or COBIT is desirable.

Certifications (Preferred or Strongly Advantageous)



Information Security:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • ISO/IEC 27001 Lead Implementer or Lead Auditor
  • Certified Information Systems Auditor (CISA)

Compliance & Risk:

  • Certified in Risk and Information Systems Control (CRISC)
  • GDPR Practitioner or CIPP/E (for privacy compliance)

Soft Skills and Leadership



  • Leadership, communication, and stakeholder engagement skills across technical and non-technical teams
  • Ability to influence and educate teams on security awareness and compliance best practices
  • Comfortable working in high-trust, regulated environments with executive-level visibility
  • Highly organized, analytical, and proactive in identifying and mitigating risks

Job Type: Full-time

Pay: 35,000.00-40,000.00 per year

Benefits:

  • Casual dress
  • Company pension
  • Free parking
  • Gym membership
  • Health & wellbeing programme
  • On-site gym
  • On-site parking
  • Private dental insurance
  • Private medical insurance
  • Sick pay

Ability to commute/relocate:

Knutsford WA16: reliably commute or plan to relocate before starting work (required)

Work authorisation:

United Kingdom (required)

Work Location: In person



Job Detail

  • Job Id
    JD4016149
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Full Time
  • Job Location
    Knutsford, ENG, GB, United Kingdom
  • Education
    Not mentioned