Information Security Assurance Officer

A financial institution in London is looking for an experienced Information Security Assurance Officer (ISAO) to join their Risk team. This important second-line role is responsible for identifying, assessing, and managing cyber and information risks across the organisation, while supporting the development and strengthening of the institution's cyber assurance framework.

This role presents a great opportunity for a skilled professional with a background in regulated industries to contribute to the growth of security governance, policy development, and incident response in a high-trust, fast-paced environment.

• Act as a subject matter expert on information security, advising business units on the security implications of new initiatives, systems, and projects.

• Review and assist with the resolution of security risks identified through audits, assessments, and internal reviews.

• Develop and maintain comprehensive information security governance documents, such as policies, standards, and frameworks.

• Lead and deliver ongoing cybersecurity awareness and training for staff.

• Collaborate with Security Engineering, Operations, and Business Resilience teams to implement security controls.

• Support the design and implementation of security measures in both on-premise and cloud environments.

• Contribute to the annual planning and budgeting for the information security function.

• Assist with cyber incident response activities and engage with third-party vendors on security tools and technologies.

Essential:

• At least 5 years of experience in Information Security, ideally within a regulated UK sector such as financial services, insurance, or energy.

• Relevant professional certifications (CISSP, CISM, or similar), either obtained or in progress.

• Strong technical knowledge across information security, IT systems, and software development.

• Familiarity with frameworks such as NIST CSF and awareness of common cyber threats (e.g., OWASP).

• Excellent analytical, problem-solving, and documentation skills.

• Ability to work independently while also collaborating effectively with teams.

Desirable:

• Knowledge of regulatory frameworks like ISO 27001, SOC2, PCI DSS, and GDPR.

• Experience in cyber incident response.

• Hands-on experience with information security tools and technologies.