About this role
About Us:
HEFESTIS are not-for-profit, member-owned shared service organisation dedicated to providing top-tier cybersecurity solutions to education and public sector clients across the UK. Their mission is to enhance the security posture of their member institutions through a collaborative approach, leveraging their expertise in five key disciplines: Assessment, Governance, Strengthening, Preparing, and Assurance.
Position Overview:
We are seeking a motivated and proactive Information Security Officer (ISO) within a collaborative CISO Office team. The ISO will report directly to the Head of Cyber Security Services (Managing CISO) and will play a critical role in ensuring the security and compliance of their clients’ information systems nationwide. This position requires a self-starter with a growth mindset, a strong background in information security, cyber risk management, client engagement, and a desire to make an impact.
What will your role look like ?
Ready to make a real difference in securing the UK's academic and public sectors?
Engagement Leadership:
Lead and manage information security engagements with multiple academic and public sector clients Collaborate with client stakeholders to understand their security needs and develop tailored solutions
Assessment:
Conduct comprehensive security assessments against national security standards to identify vulnerabilities and risks within client environments Provide actionable recommendations to enhance security posture based on assessment findings
Governance:
Assist clients in developing and implementing information security governance frameworks aligned with industry standards and best practices Support the establishment of security strategy, policies, procedures, and compliance requirements
Strengthening:
Work with clients to develop agreed improvement plans and strengthen their security controls and practices, ensuring effective risk management Facilitate training and awareness programs to promote a culture of security within client organisations
Preparing:
Develop incident response plans and business continuity strategies to prepare clients for potential security incidents Conduct tabletop exercises and simulations to test and refine incident response capabilities
Assurance:
Provide ongoing assurance services to clients, including regular security reviews and audits Monitor and report on the effectiveness of security measures and compliance with policy, frameworks, and regulatory requirements
Qualifications and Experience:
Bachelor’s degree in Information Security, Computer Science, or a related field; Master’s degree preferred Strong background in information security and risk management, with a focus on client engagement (while 10 years is ideal, strong mid-level candidates are encouraged to apply) Relevant certifications such as CISSP, CISM, CISA, C|CISO or equivalent Strong understanding of information security frameworks (e.g., ISO 27001, NIST CSF2, NCSC CAF3, CIS 8.1, CE/CE+) and regulatory requirements incl. UKGDPR Excellent communication and interpersonal skills, with the ability to build relationships with diverse stakeholders Proven experience in leading security assessments and developing security governance frameworks Demonstrable expertise in cyber transformation and operationalisation to drive security excellence Self-motivated with the ability to manage multiple projects and customers independently and deliver results Right to work in the UK and ability to obtain DBS clearance is required
What We Offer:
Competitive Salary. Benefits: Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, retail discounts and gym discounts. Annual leave: 26 days annual leave plus 14 fixed/floating days per annum. Working pattern: Full-time hours are 35.625 hours per week – 9.5 day fortnight working pattern which means every second Friday afternoon off, supporting work-life balance. Strong Team Culture: A friendly environment with regular team communication, ensuring everyone stays well connected and valued. Hybrid working and flexible working environment. Opportunities for professional development and continuous learning. A collaborative and supportive work environment. The chance to work with world-class partners and make a meaningful impact. The chance to make a meaningful impact on the security of academic and public sector institutions.
Application Process:
Interested candidates are invited to submit their CV and covering letter detailing their relevant experience and qualifications via the 'Apply' button above (E:[email protected]) by the 31st January 2026.
HEFESTIS Ltd is an equal opportunity employer and encourages applications from individuals of all backgrounds and experiences.
£55,000 to £85,000 depending on experience