Information Security Officer
[Employer hidden — sign up to reveal] is seeking an experienced Information Security Officer to own and further develop the firm's information security governance, risk and compliance framework. Building on an established ISO 27001‑certified environment, this role offers genuine scope to streamline, refine and enhance existing approaches, allowing you to put your own stamp on how information security operates within a modern law firm. Working closely with the wider IT team and Risk and Compliance, you will act as a trusted adviser to senior stakeholders, embedding practical, risk‑based security into day‑to‑day business activities.
You will oversee information security risk management, client and regulatory assurance, supplier security and security awareness across the firm. This is a role with real autonomy and is ideal for someone who enjoys ownership, influence and the opportunity to shape and grow a function as the firm continues to evolve.
Key Responsibilities
- Governance & Policy: Own and maintain the firm's information security governance framework; define, draft and maintain policies, standards and procedures; embed security‑by‑design principles.
- Compliance & Assurance: Own and operate the ISMS in line with ISO 27001/27002; lead ISO 27001 audits; maintain Cyber Essentials Plus; coordinate internal reviews.
- Client & Regulatory Assurance: Primary contact for client security questionnaires and audits; support regulatory and contractual obligations.
- Risk Management: Lead identification and assessment of information security risks; maintain risk register; work with stakeholders on risk treatments.
- Third‑Party & Supplier Assurance: Define approach to third‑party security assurance; support due diligence; act as product owner for supplier management system.
- Security Awareness & Culture: Design and oversee awareness and training programme; promote a security‑conscious culture.
Qualifications & Experience
- Proven experience in an Information Security / GRC role with responsibility for governance, risk and compliance.
- Certified ISO Lead Implementer/Auditor with strong knowledge of ISO 27001/27002 in a regulated environment.
- Experience supporting Cyber Essentials Plus or similar frameworks.
- Good understanding of GDPR and data protection principles.
- Experience working with non‑technical stakeholders and translating security requirements into practical controls.
- Strong influencing, stakeholder management and communication skills.
Benefits
- Salary up to £57,000 per annum, depending on experience
- Earn up to 10% of your salary with our annual bonus scheme.
- Minimum 25 days annual leave plus Bank Holidays, increasing to 31 days with service, plus option to buy up to 5 extra days.
- Hybrid working with on average 40-60% of your time spent in the office.
- Auto-enrolled into workplace pension with minimum 6% employer contribution.
- 4x your annual salary death in service benefit.
[Employer hidden — sign up to reveal] is committed to being an inclusive employer. If you need any reasonable adjustments, please let us know.