Information Security Officer

Job Type: Full Time

The Role

The main purposes of this role include:

• To have primary responsibility for data and information security within Amberjack and across all of its processes, technical systems and solutions where data information is handled
• To lead on the implementation and operational management of effective technology solutions that prevent internal and external malicious users from compromising data integrity
• To protect Amberjack's information, whilst supporting colleagues, clients and the company’s strategic objectives
• To be the face of Data and Information Security both internally and externally supporting clients and managing enquiries on data and information security issues, completing security questionnaires for potential clients and providing responses to security audit requests from existing clients
• To raise the awareness and standards within the business around the use, management and storage of data and information

Responsibilities of the role include:

• Develop, implement and enforce suitable and relevant information security policies, ensuring that these are compliant with the General Data Protection Regulations 2018 and other legislation and regulations related to information security
• Participate in the selection and configuration of appropriate hardware devices such as routers and firewalls to ensure that data and information is sufficiently protected
• Monitor software applications that manage credentials and the filtering of network traffic to avoid unwanted intrusions
• Develop and implement, together with suitable materials, an information security awareness and training programme including guidelines regarding how to avoid data corruption, loss and exposure
• Manage an Information Security Management System for Amberjack
• Develop security procedures and standards for the back-up of critical information to physical and cloud-based devices; defining differing security levels and user credentials as appropriate, developing and monitoring test recovery procedures
• Ensure adherence across the business to strict privacy guidelines regarding the processing of sensitive information
• Arrange penetration testing and vulnerability checks owning the programme of work to resolve any weakness identified
• Review software and hardware architecture and advise on areas of weakness that require addressing
• Investigate suspected and actual breaches of security, ensuring prompt escalation of issues to senior management, undertaking reporting/remedial actions as required, including proposing innovative solutions
• Maintain a log of any incidents and remedial recommendations and actions.
• Management of Disaster Recovery/Business Continuity Plan and regular testing
• Create infrastructure security checks to deter hackers, spyware, malware and cyber threats
• Regular reporting and presentation of key management information and progress reports as required
• Reviewing all technology projects to advise on security considerations
• Monitoring system logs identifying potential incidents and attempted threats to Amberjack’s data and information
• Ensuring that patching is regularly undertaken, maintaining logs and records
• Ownership and management of Amberjack’s Change Management Process
• Maintain awareness and education of cyber threats and security enhancing technologies, briefing the business accordingly

Who we're looking for

We are looking for someone with the following qualifications, knowledge, and skills:


• Degree - ideally in Information Technology/Systems
• Relevant professional qualification – CISSP or CISM preferred


• Minimum of 10 years broad IT experience preferably with 5 years in an infrastructure engineering role, and at least 4 of which has been in a security role
• An understanding of the following technologies is required for managing & supporting our security tools: vulnerability scanners (e.g. Nessus), SIEM / logging and monitoring tools (e.g. Graylog), email security tools (e.g. Mimecast), and privileged access management solutions (e.g. BeyondTrust Password Safe)
• A thorough understanding of Windows Operating Systems and in-depth knowledge of securing Active Directory and configuring Group Policies, plus familiarity with using the Linux command shell
• An understanding of IP routing, subnetting and a general awareness of routing / switching. Configuration and troubleshooting of firewalls and VPNs, especially SonicWall and Fortinet
• Experience of working with virtual machines hosted in Virtual Private Clouds is required, and experience of using Azure would be beneficial
• An awareness of other technologies used including, Symantec Endpoint Protection for antivirus, Desktop Central for patch management and Manage Engine MDM for mobile device management.
• Broad awareness of hardware/software, standards, security products and Cyber Threats
• Good working knowledge of quality assurance principles and practices
• Up to date knowledge of GDPR and computer-related legislation
• Implementation and management of ISO 27001
• Designing and undertaking information security audits
• Security incident management, investigation and reporting
• Development of data and information classifications
• Data and information risk management
• Relevant experience gained in a highly regulated environment is desirable


• Works methodically through high pressured situations
• Actively takes responsibility for important decisions
• Strong advocate with a passion for data and information security
• Highlights errors to be dealt with quickly
• Solves problems with pioneering solutions
• Enthusiastically explores how processes can be improved to our benefit
• Easily translates technical jargon for others
• Naturally builds strong relationships
• Has a naturally analytical mindset
• Demonstrates expert levels of professional knowledge
• Excellent verbal, presentation and written skills

How to Apply

Please apply by emailing Please do not use the form below as your application may not be seen.

Apply Below

Max. file size: 128 MB.

Amberjack helps future focused organisations bridge the gap between today and tomorrow.

Are you ready to build a workforce for the Future?

Scroll to Top