Information Security & Compliance Officer

Information Security & Compliance Officer
Hybrid

HSS ProService is revolutionising the building services industry, offering a cutting-edge online marketplace for tools, equipment, and materials. Building on HSS Hire's legacy, we're blending innovation and customer-driven solutions to focus on sustainability.

We're looking for an experienced Information Security & Compliance Officer to lead and evolve our security and compliance framework, protecting our customers, our data, and our business as we scale.

The impact you’ll have:

You’ll be the heart of our Governance, Risk & Compliance team, designing and delivering a security and compliance function that’s future-ready. From technical controls to cultural awareness, you’ll help us stay ahead of emerging risks and regulations, ensuring our platform is resilient, secure, and trusted by every customer and supplier.

A typical day:

• Develop and own our Information Security Management System (ISMS) aligned with ISO 27001
• Maintain security policies, control frameworks, and ensure compliance with UK GDPR, Cyber Essentials Plus, PCI-DSS, and DPA
• Conduct risk assessments, manage our risk register, and lead remediation actions
• Oversee security tooling and controls, from endpoint protection to vulnerability management
• Support platform and IT teams on secure design, deployments, and third-party risk
• Lead incident response efforts, from root cause analysis to post-incident reviews
• Deliver training and awareness programmes that embed a culture of security across the business
• Collaborate with senior leadership, providing clear reporting on posture, risks, and improvements
• Act as the go-to expert on security and compliance across all business units

What you’ll bring:

• 3+ years’ experience in security, compliance, or risk roles within mid-to-large UK organisations
• Deep knowledge of ISO 27001, UK GDPR, and frameworks like Cyber Essentials
• Practical experience with risk management, audit preparation, incident response, and policy development
• Familiarity with technical controls such as access management, scanning tools, and endpoint security
• Strong communication and influencing skills, able to translate complex topics for all levels
• Proficiency in Excel, PowerPoint, and reporting for stakeholder engagement

It’d be great if you also have:

• Certifications like ISO 27001 Lead Implementer/Auditor, CISSP, CISA, or CRISC
• Experience in cloud environments (Microsoft 365, Azure, AWS)
• Exposure to SIEM, DLP, or GRC platforms
• Background in B2B, e-commerce, logistics, or construction supply chains

What you’ll get back:

Join a forward-thinking team committed to transforming how businesses operate, using the latest technology and a bold vision. If you're passionate about being part of an industry disruptor, this is the place to build your career.

• Your birthday each year as annual leave to spend how you want to!
• One day per year to contribute to local voluntary work, giving back to your community
• Training and development opportunities to further your career and access relevant courses
• Wellbeing and healthcare support to ensure you stay happy and healthy at work and home
• A culture of revolution, driving digital and technological change in a traditional industry
• Discounts and cashback on a wide range of purchases including days out, restaurants, gym memberships, and shopping
• Flexible benefits options through our Benefits portal, such as Critical Illness Cover, Cycle To Work, Holiday Buy Scheme, and more

We are laying the foundation for a new era in the building services industry, creating a place where every voice helps build the future. No matter your background, if your contribution will help grow our business, we want to hear from you.

We're committed to breaking down barriers and fostering a diverse community where everyone has the chance to contribute.

Don’t feel like you tick every box? Studies show women are less likely to apply if they don’t meet 100% of a role’s criteria. We encourage your application even if you don’t meet every requirement. If you have questions, please email [emailprotected], and our team will be in touch.