Information Security Officer

Salary: GBP50k – GBP60kWork Pattern: Hybrid

A new position has opened at an exciting software company for an Information Security Officer to lead the organisation's security strategy, operations, and compliance efforts. This hands–on role blends strategic security architecture with day–to–day operational management and regulatory compliance oversight. The ideal candidate will establish and maintain security standards across the product portfolio, oversee secure system environments, and act as the primary contact for ISO 27001, PCI DSS, and GDPR compliance. Additionally, this role will support our commercial teams by contributing to tender responses and ensuring client security assurance.

They are a technology company helping organizations streamline operations and deliver exceptional experiences across education, events, and related industries. With many years of experience and a broad global client base, they develop solutions that simplify complexity and drive smarter, more efficient ways of working.

• Define and maintain robust security architecture and standards across multi–cloud SaaS platforms.
• Integrate security best practices into product design, development, and roadmap planning.
• Conduct threat modelling and risk assessments for new features and system changes.
• Evaluate and recommend security technologies and tools.

• Manage security environments across Azure and AWS infrastructure.
• Lead incident response efforts and coordinate vulnerability remediation activities.
• Manage continuous security monitoring, alerting, and detection systems.
• Administer vulnerability management and penetration testing programs.
• Maintain strong identity, access, and privilege management controls.

• Manage and maintain ISO 27001 certification and audit processes.
• Ensure ongoing compliance with PCI DSS for payment–related systems.
• Oversee GDPR compliance across products, services, and internal operations.
• Complete HECVAT assessments and respond to security questionnaires for higher education tenders.
• Support sales and customer success with security documentation and evidence.
• Serve as the primary point of contact for all customer and prospect security inquiries.

• Strong background in information security within SaaS or cloud environments (ISV or B2B preferred).
• Proven track record managing ISO 27001 certification and compliance.
• Hands–on experience implementing GDPR in software products.
• Working knowledge of PCI DSS and securing payment systems.
• Deep understanding of cloud security across Azure and/or AWS.
• Skilled in application security and the secure development lifecycle (SDLC).
• Experienced in incident response and cross–functional coordination.
• Confident supporting tenders and delivering client security assurance.

• Professional certifications such as CISSP, CISM, CISA, or equivalent.
• Experience in or supporting the higher education sector.
• Strong understanding of multi–tenant SaaS security.
• Knowledge of DevSecOps and integrating security in CI/CD pipelines.
• Familiarity with NIST, CIS Controls, OWASP, and other security frameworks.
• Awareness of global data protection and multi–jurisdictional privacy requirements.
• Experience supporting enterprise sales cycles with security expertise and assurance.

• 25 days' holiday plus bank holidays, with additional days awarded for length of service.
• Two paid wellbeing days each year, with a budget to spend quality time doing what matters most to you.
• Enhanced pension contributions to help support your future.
• Two paid volunteering days annually for charity, community, or sustainability initiatives.
• Salary sacrifice schemes for electric vehicles and cycle–to–work.
• 24/7 Employee Assistance Programme offering confidential advice and wellbeing support.
• Annual health check to help you stay at your best.
• Flexible benefits platform with options including life assurance, learning opportunities, retail discounts, and more.
• People–first culture focused on growth, wellbeing, and balance.
• Performance–related bonus recognising your impact and achievements.
• Regular social events and team activities, plus opportunities to join company–wide gatherings and learning forums in the UK and abroad.

If you're an experienced Information Security professional looking to take ownership of security strategy, operations, and compliance in a dynamic SaaS environment, this is the perfect opportunity to make your mark.

If this role isn't right for you, do you know someone that might be interested? You could earn GBP500 of retail vouchers if you refer a successful candidate to Oscar. Email: to recommend someone for this role