Website Nigel Wright Group

Fantastic opportunity for an experienced Information Security professional to take the lead on this national business’s Information Security activities.

The company operates a fully flexible hybrid working policy where on average the person will be onsite 2 days per week.

Leading a small team, you will be responsible for Information Security governance, risk and compliance (GRC) activities, providing security governance on projects, testing security controls, risk management processes and working in partnership with the wider teams and stakeholders. Specifically you will:

  • Provide ongoing development of all IT and Information Security processes and procedures.
  • Manage internal and external security audits.
  • Scope and schedule external security penetration tests for both applications and infrastructure, with follow-up plans to address any weaknesses identified.
  • Maintain the IT Risk Register, ensuring that all information security risks are documented and that mitigation plans are put in place to address these risks.
  • Monitor security alerts in order to identify and prevent potential cyber security incidents (SIEM, IPS, AV).
  • Manage Vulnerability Assessments and Penetration Tests, working with the IT Operations and Development teams, as well as 3rd parties, to remediate issues identified.
  • Advise and assist in security incidents, maintaining a log of activity, proactively communicating progress and ensuring that any customer or personal data loss is minimised. Where customer or personal data is at risk, ensure that agreed communication policies are adhered to.
  • Maintain an awareness of all associated regulation and legislation.
  • Sit on the Change Advisory Board (CAB) when required, challenging any changes that may have an adverse impact on the security of the company’s infrastructure.
