Information Security Officer

Ancoats, Manchester, United Kingdom

Applications have closed

NQC

As leaders in supply chain risk management solutions, we help organisations to achieve transparency, compliance and resilience with easy-to-implement technology.


Information Security Officer

Manchester / Hybrid

NQC is a well-established, successful and growing software company based in Manchester city centre, specialising in supply chain risk management platforms.

We’re in the ‘Tech for Good’ space, providing online web platforms which are in use by some of the largest organisations across a number of industries including the UK Government, the Automotive industry and the Defence & Aerospace industry.

Our purpose is to assess supply chains, accelerate their transformation and advance positive global change.

We’re seeing lots of activity in this space with organisations becoming engaged in both understanding their suppliers and proactively working to build sustainable, ethical and responsible supply chains.

We are looking to recruit an Information Security Officer to lead in all aspects of GRC across the organisation. Monitoring and assessing risk, you will recommend the necessary corrective actions and ensure they are implemented effectively.


As Information Security Officer you will take responsibility for:

  • Ensuring our Information Security and Cyber security policies and processes are kept up to date and in line with business requirements.
  • Developing, managing and delivering Information Security projects from initiation to implementation with a continuous improvement and collaboration focus
  • Building, managing and monitoring activity and routine reports, raising awareness and adherence across the IT directorate and wider business
  • Managing audit processes to ensure adherence to ISO 27001, TISAX and Cyber Essentials standards
  • Representation on Customer Information Security groups
  • Managing third-party web application penetration testing suppliers
  • Maintaining, analysing and monitoring cybersecurity threats
  • Conducting security and data protection assessments with internal business units and external third parties to ensure ongoing security and data protection requirements are met
  • Working with our commercial teams to complete Security and Data Protection assessments in a timely manner
  • Managing security incident response and continuous monitoring of effectiveness of the mitigation actions and outcomes
  • Providing regular reports and updates to the Board of Directors

Requirements

  • Strong working knowledge of data privacy laws, information security and industry best practices and how they might impact a software business like ours
  • Ability to prioritise tasks, problem solve, work under pressure, and be a business partner to the company, ensuring that we balance our compliance and security goals against commercial needs, giving consultative information, advice and guidance as necessary
  • Experience working with one or more of the following compliance frameworks: ISO 27001, Cyber Essentials, TISAX

Benefits


  • Flexible hybrid working - 2/3 days working at our Manchester office each week
  • 25 days holiday (Increasing with length of service)
  • Flexible use of bank holidays - use them as you choose
  • Health Cash Plan
  • 24/7 Doctor
  • Life Assurance
  • Perkbox
  • Discounts on retail and leisure


Tags: Compliance Incident response ISO 27001 Monitoring Pentesting Privacy Risk management TISAX

Perks/benefits: Flex hours Health care

Region: Europe
Country: United Kingdom