Information Security & Compliance Officer

Information Security & Compliance Officer

Location: London - hybrid (3 days a week onsite)

Salary: £50-60k DOE + company benefits

Our client is looking for an Information Security & Compliance Officer to help strengthen and scale their organisation’s security posture. This is the first role within their internal security function, where you’ll coordinate security activities across the business, support compliance initiatives, and act as the key liaison between internal teams, our outsourced Security Operations Centre (SOC), and Virtual CISO.

You’ll play a vital role in embedding governance, risk, and compliance (GRC) frameworks, helping mature security capabilities while enabling the business to operate securely and efficiently.

• Act as the primary internal contact for outsourced SOC provider
• Monitor and coordinate responses to alerts from Microsoft Sentinel & Defender
• Support incident response and internal communications
• Track and ensure remediation of vulnerabilities and security incidents
• Support implementation of frameworks such as ISO 27001, Cyber Essentials Plus, NIST, and CIS
• Develop and maintain security policies, standards, and procedures
• Conduct risk assessments and track mitigation actions
• Coordinate internal and external audits
• Work closely with governance teams to align on strategic initiatives

• Lead the rollout and ongoing management of a TPRM programme
• Conduct vendor security assessments and due diligence
• Maintain supplier risk registers and track remediation
• Partner with procurement and legal to embed security into supplier onboarding

• Support organisation-wide security awareness and training
• Promote best practices across IT, engineering, and business teams
• Maintain risk registers and compliance documentation
• Deliver reporting and insights on security posture to leadership

• Support compliance and security improvement programmes
• Collaborate with the Virtual CISO on strategic initiatives
• Assist with policy development and control implementation
• Contribute to vulnerability management efforts
• Support responses to client security questionnaires and audits
• 3–5 years in information security, IT security, or compliance
• Strong understanding of GRC principles
• Experience with Microsoft security tools (Sentinel, Defender, Microsoft Security Stack)
• Familiarity with frameworks such as ISO 27001, NIST, CIS, Cyber Essentials
• Experience assessing third‑party/vendor risk
• Excellent stakeholder management and communication skills
• Ability to translate security requirements into practical business outcomes
• Experience working with outsourced SOC providers
• Hands‑on involvement with TPRM programmes
• Experience supporting ISO 27001 certification or audits

You’ll have the opportunity to shape and influence our security strategy, working across the organisation to build a strong, scalable, and business‑aligned security function.