Information Security Officer

Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.

Information Security Officer Job Description Template

Our company is looking for an Information Security Officer to join our team.


  • Assist in the development and maintenance of policies, standards and procedures to support the ISMS;
  • Provide support and assistance in preparation for ISO 27k certification;
  • Contribute to formulating the ISMS scope, framework and structure;
  • Assist the business in gaining and maintaining the ISO/IEC 27001 certification;
  • Develop and document secure processes with the technical teams;
  • Design and implement compliance metrics and KPI reporting;
  • Implement comprehensive Security Awareness Programmes;
  • Gap Analysis and Process Improvement;
  • Produce written reports, status updates and MI on request to support decision making within the management systems governance programme;
  • Liaise with technical teams and help to optimise IT processes;
  • Produce security risk assessments using formal risk methodologies based on threats;
  • Maintain up-to-date knowledge of ISO standards, threats, countermeasures, best practices, and technologies;
  • ISO 27001 Audit & Implementation.


  • Experience working with large information security awareness programmes with the ability to promote and on-board staff at all levels;
  • Experience completing project work from an information security standpoint;
  • Experience working within an information security-focussed role;
  • Excellent knowledge of ISO 27001 standards;
  • Good knowledge of PCI DSS standards;
  • Ability to work alone and run with own project workload;
  • Sound knowledge of industry best practices such as OWASP and NCSC guidance;
  • Experience in report writing, policy and standards writing, delivering presentations and developing dashboards/reports;
  • Knowledge of DevOps and DevSecOps;
  • Able to solve problems identified through audits, risk assessment and incidents;
  • Proven experience in formal risk methodologies, risk management and risk treatment;
  • Proven experience in ISO 27001 implementations;
  • Good technical knowledge of network, infrastructure and application security.