Information Security Officer

About Us:

HEFESTIS are not-for-profit, member-owned shared service organisation dedicated to providing top-tier cybersecurity solutions to education and public sector clients across the UK. Their mission is to enhance the security posture of their member institutions through a collaborative approach, leveraging their expertise in five key disciplines: Assessment, Governance, Strengthening, Preparing, and Assurance. 

Position Overview:

We are seeking a motivated and proactive Information Security Officer (ISO) within a collaborative CISO Office team. The ISO will report directly to the Head of Cyber Security Services (Managing CISO) and will play a critical role in ensuring the security and compliance of their clients’ information systems nationwide. This position requires a self-starter with a growth mindset, a strong background in information security, cyber risk management, client engagement, and a desire to make an impact. 

What will your role look like ?

Ready to make a real difference in securing the UK's academic and public sectors? 

Engagement Leadership:

• Lead and manage information security engagements with multiple academic and public sector clients
• Collaborate with client stakeholders to understand their security needs and develop tailored solutions

Assessment:

• Conduct comprehensive security assessments against national security standards to identify vulnerabilities and risks within client environments
• Provide actionable recommendations to enhance security posture based on assessment findings

Governance:

• Assist clients in developing and implementing information security governance frameworks aligned with industry standards and best practices
• Support the establishment of security strategy, policies, procedures, and compliance requirements

Strengthening:

• Work with clients to develop agreed improvement plans and strengthen their security controls and practices, ensuring effective risk management
• Facilitate training and awareness programs to promote a culture of security within client organisations

Preparing:

• Develop incident response plans and business continuity strategies to prepare clients for potential security incidents
• Conduct tabletop exercises and simulations to test and refine incident response capabilities

Assurance:

• Provide ongoing assurance services to clients, including regular security reviews and audits
• Monitor and report on the effectiveness of security measures and compliance with policy, frameworks, and regulatory requirements 

Qualifications and Experience:

• Bachelor’s degree in Information Security, Computer Science, or a related field; Master’s degree preferred
• Strong background in information security and risk management, with a focus on client engagement (while 10 years is ideal, strong mid-level candidates are encouraged to apply)
• Relevant certifications such as CISSP, CISM, CISA, C|CISO or equivalent
• Strong understanding of information security frameworks (e.g., ISO 27001, NIST CSF2, NCSC CAF3, CIS 8.1, CE/CE+) and regulatory requirements incl. UKGDPR
• Excellent communication and interpersonal skills, with the ability to build relationships with diverse stakeholders
• Proven experience in leading security assessments and developing security governance frameworks
• Demonstrable expertise in cyber transformation and operationalisation to drive security excellence
• Self-motivated with the ability to manage multiple projects and customers independently and deliver results
• Right to work in the UK and ability to obtain DBS clearance is required 

What We Offer:

• Competitive Salary.
• Benefits: Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, retail discounts and gym discounts.
• Annual leave: 26 days annual leave plus 14 fixed/floating days per annum.
• Working pattern: Full-time hours are 35.625 hours per week – 9.5 day fortnight working pattern which means every second Friday afternoon off, supporting work-life balance.
• Strong Team Culture: A friendly environment with regular team communication, ensuring everyone stays well connected and valued.
• Hybrid working and flexible working environment.
• Opportunities for professional development and continuous learning.
• A collaborative and supportive work environment.
• The chance to work with world-class partners and make a meaningful impact.
• The chance to make a meaningful impact on the security of academic and public sector institutions. 

Application Process:

Interested candidates are invited to submit their CV and covering letter detailing their relevant experience and qualifications via the 'Apply' button above (E:jobs@hefestis.ac.uk) by the 16^th January 2026.

HEFESTIS Ltd is an equal opportunity employer and encourages applications from individuals of all backgrounds and experiences.