Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
A master’s degree in information security, Risk Management, or Compliance is a plus.
Certifications (Highly Valued):
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CISA (Certified Information Systems Auditor)
ISO 27001 Lead Auditor / Implementer
CRISC (Certified in Risk and Information Systems Control)
GDPR Certification (e.g., IAPP CIPP/E, CIPM for data protection compliance)
Experience Requirements:
3–5+ years of experience in Information Security, Compliance, or IT Risk Management.
Experience with regulatory frameworks in the UK & EU:
GDPR (General Data Protection Regulation)
ISO 27001 (Information Security Management Systems)
Cyber Essentials Plus (UK government-backed security framework)
DORA (Digital Operational Resilience Act) – EU financial sector
PCI-DSS (if handling payment data)
Experience in:
Managing vendor risk assessments for third-party compliance.
Handling incident response & reporting (e.g., Data Breach Notifications under GDPR).
Key Skills & Technical Knowledge:
Deep understanding of data protection laws (UK GDPR, EU GDPR, DPA 2018).
Familiarity with risk management frameworks like NIST CSF, CIS Controls, and ISO 27005.
Experience with cyber security tools (e.g., SIEM, malware protection, firewalls and others) is a plus.
Strong reporting and communication skills, including the ability to brief executives and regulators.
Ability to design, implement, and enforce security policies.
Key Responsibilities:
Ensure compliance with GDPR, Cyber Essentials Plus, PCI-DSS, and other applicable standards.
Align ISMS activities with the ISO 27001 framework.
Develop and implement security policies, controls, and procedures.