
Information Security & Compliance Officer

Location: South East
Salary Details: £25,000 - £35,000 plus excellent benefits
Date Posted: 08 Oct 2019
Vacancy Type:

Job Description


This is a great time to join the UK's leading teleradiology company and drive forward its strategic security & compliance programme. Our client is a high-growth PLC with an exciting future. They have a rare opportunity to join their Information Security & Risk team, based in their office in Hastings, East Sussex.

Joining an established team and reporting to the Head of Information Security & Risk, you will have the opportunity to play a key part in developing, managing & maintaining the information security and quality management systems (ISMS & QMS) whilst helping to deliver the wider strategic programme. This role offers a wide variety of work:

  • Administer and maintain their management systems (certified to ISO 27001 & ISO 9001).
  • Plan, prepare and undertake internal audit activities and produce high quality audit reports.
  • Produce & maintain high quality policy, process and procedure documents.
  • Assist the business to create & supervise remedial action plans to reduce or mitigate risk.
  • Assist with their annual submission of the NHS Data Security & Protection Toolkit and their Cyber Essentials certification.
  • Assist with their data protection programme, including maintaining records of processing.
  • Develop and maintain relationships with business peers to embed and encourage a positive culture for information security & data protection.
  • Support the team with other information security, data protection, risk and compliance related activities, when required.
  • Deputise for the Head of Information Security & Risk when required.


Benefits of working for this client:

  • Annual performance related bonus scheme.
  • Access to a private pension with company contributions.
  • Group life assurance scheme.
  • Opportunity to acquire company shares through the ShareSave scheme.
  • Career progression and ongoing personal development.
  • An engaged & supportive management team.
  • Company funded staff social events.

Ideally you will have SOME of the following experience & skills:

  • A degree qualification in Information Security, Cyber Security, Risk Management, Quality Management or other relevant subject.
  • A good understanding of best practice in the fields of information security and/or data protection, in particular ISO 27001, GDPR and the principles of risk assessment.
  • Able to communicate ideas or concepts as appropriate to the audience.
  • The ability to review documents and publications and summarise the key points relating to the business and/or department.
  • Confidence to communicate with people at all levels in person or over the phone.
  • Experience of carrying out security risk assessments or data protection impact assessments (DPIA).
  • Excellent time management skills to self-manage and successfully see through multiple tasks or projects within agreed timescales.
  • A willingness & keenness to self-develop and learn, in particular about the wider information security & data protection domains.
  • The ability to embrace and encourage change.
  • Experience of managing an information security and/or quality management system.

Any of the following would be desirable but is NOT essential:

  • Experience of completing data protection impact assessments.
  • Experience of completing security assurance questionnaires.
  • Internal audit & report writing experience.
  • Experience of dealing with external auditors.
  • Experience of working within a regulated industry.
  • Experience of delivering security or data protection awareness training.
  • A technical understanding of computer systems, networks, protocols and security standards.
  • Experience or an understanding of applying security frameworks (e.g. ISO 27001, NIST or CIS).
  • Experience or an understanding of vulnerability management and penetration testing.
  • Experience or an understanding of the Quality Standard for Imaging (formerly ISAS).
  • An understanding of the healthcare industry (NHS).

We will also consider candidates who can demonstrate transferable strengths or skills that can be effectively applied to this position.