Information Security Officer

Eden Scott


Salary Not Specified

Eden Scott, Glasgow

  • Full time
  • Permanent

Posted 1 week ago, 20 Apr

Closing date: not specified

Job Ref: 170266

Full Job Description

Exciting opportunity for an experienced Information Security Officer to join a global professional services organisation based in Glasgow.



You will have a key role in ensuring the security of their systems and data by evaluating the risks associated with third-party vendors and internal projects and recommending appropriate risk mitigation strategies. You will work closely with cross-functional teams across the organisation to ensure compliance with security standards and best practices. Key responsibilities will include:

  • Conduct vendor risk assessments and project security risk assessments based on established methodologies and frameworks.
  • Evaluate security risks associated with third-party vendors and internal projects, considering factors such as security, privacy, and compliance.
  • Identify vulnerabilities and potential risks and provide recommendations for risk mitigation strategies.
  • Ensure compliance with security policies, standards, and procedures in vendor relationships and project activities.
  • Develop and maintain security assessment frameworks and methodologies for vendor risk assessments and project security risk assessments.
  • Collaborate with procurement teams to assess and manage security risks associated with vendors.
  • Review vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture.
  • Provide guidance to procurement teams regarding security requirements and standards for vendor selection and ongoing monitoring.
  • Apply risk management principles to identify, assess, and prioritise security risks.
  • Conduct periodic reviews and audits to ensure compliance with security policies, standards, and regulatory requirements.
  • Support the development and enforcement of security policies, standards, and procedures related to vendor management and project security.
  • Risk and Control - Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.

Essential Skills And Experience:

  • Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
  • Professional certifications such as CISA, CISM, or similar credentials are preferred.
  • Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
  • Experience in conducting vendor risk assessments and project security risk assessments.
  • Familiarity with security frameworks and assessment methodologies.
  • Knowledge of regulatory requirements related to data privacy and protection (e.g., GDPR, CCPA) is a plus.
  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication skills.
  • Ability to work independently and collaboratively in a team-oriented environment.
  • Attention to detail and a commitment to maintaining high-quality standards.


This role will offer a competitive market salary and comprehensive benefits package.


Hybrid work - with 3 days per week in their Glasgow office.