Information Security Specialist

The Opportunity

Are you passionate about safeguarding information and driving secure practices in a dynamic global environment? At William Grant and Sons, we’re looking for an Information Security Specialist who will play a pivotal role in protecting our business and brands. This is your chance to join a team where innovation meets heritage, and where your expertise will help maintain the integrity of our iconic portfolio.

What you will be doing

We are looking for an experienced Information Security Specialist to join our team and play a key role in safeguarding our organisation’s digital assets. In this role, you will lead the design, implementation, and ongoing monitoring of information security controls, ensuring alignment with business needs and our Information Security Management System (ISMS).

You will provide dedicated security support across Branded Business Units (BBU) and Owned Distribution Companies (ODC), ensuring adherence to global security frameworks and standards. Managing Vendor Security Assurance Questionnaires (VSAQs) will be a key part of your role, particularly for partners involved in brand marketing campaigns and future retail/eCommerce operations, ensuring that third-party risk processes are effectively applied.

As a trusted advisor, you will review partner solution design documents and conduct risk-based assessments to embed security into marketing and commercial initiatives from the outset. You will also collaborate with regional ODCs to assess local IT infrastructure risks, ensuring alignment with the ISMS and corporate security policies.

Working closely with cross-functional teams, including Architecture and Security Operations, you will ensure seamless coordination across all security domains. Additionally, you will drive cyber awareness and security training initiatives tailored to commercial and marketing teams, fostering a strong security culture across the organisation.

Your expertise will be crucial in providing guidance on regulatory and industry compliance requirements, including ISO 27001, NIST SP 800-53, GDPR, and NIST Cybersecurity Framework (CSF) 2.0. You will also participate in security incident response activities, managing triage and escalation processes in line with internal policies and procedures.

Supporting the Information Security Leader, you will contribute to internal and external investigations where necessary and play an active role in the annual NIST CSF 2.0 maturity assessment process. Additionally, you will help enforce security policies across business units and take ownership of resolving assigned Information Security tickets within Assyst, ensuring timely issue resolution.

About You

You are a proactive and analytical information security professional with a passion for protecting business systems, data, and people. You bring a blend of technical expertise, business understanding, and strong interpersonal skills to help drive security improvements across a diverse organisation.

To succeed in this role, you will bring:

• Proven experience in implementing and managing security frameworks such as ISO 27001, NIST CSF/NIST SP 800-53, and GDPR, ensuring effective compliance and risk management across business units.
• Strong technical skills in designing, implementing, and maintaining security controls that align with organisational goals and the Information Security Management System (ISMS).
• A track record of producing clear, high-quality technical documentation, reports, and security assessments for both technical and non-technical audiences.
• Excellent problem-solving skills with the ability to interpret complex security topics and translate them into practical, actionable insights for commercial and operational teams.
• Strong collaboration skills, with the ability to influence, support, and inspire cross-functional teams to achieve shared security objectives.
• A proactive mindset, focused on continuous improvement, team development, and aligning security initiatives with broader business strategy.
• Experience in conducting third-party security reviews and Vendor Security Assessments (VSAQs), particularly within marketing, eCommerce, or retail partner landscapes.
• Experience designing, running, and analysing phishing simulations and other security awareness activities to improve user resilience and cyber maturity.

What can we offer you?

• We offer a competitive salary and benefits which are designed to promote our employees financial wellbeing. Employees are also eligible to participate in a bonus plan.
• Our employees enjoy a generous holiday entitlement and an opportunity to ‘buy’ or ‘sell’ some holiday entitlement.
• Private Healthcare and (remote GP service).
• Our employees can join a defined contribution pension plan. Employees contribute either 4% or 5% of salary, the company contributes 8% or 10% depending on the employee contribution. Employee contributions can be made through salary sacrifice.
• Our Employee Assistance Programme offers practical, impartial support on everyday matters ranging from medical, financial and legal to home and family issues.
• Our Life Assurance cover is a multiple of eight times your annual basic salary.
• Product allocation so that you can enjoy our fantastic portfolio of brands.
• Our Cycle to Work scheme allows you to hire a bike for an agreed length of time, and then snap it up for a fraction of its original value. All while making savings (at least 25%) and spreading the cost.
• Every employee has the opportunity to claim up to £1,000 per year for a charity or charities for which they have raised money, volunteered their time or personally donated.
• Learning resources to help you be your best self.