Security and Compliance Officer

Role: Security & Compliance Officer
Salary: £30,000 - £35,000
Location: Bridewell operates a hybrid and flexible working policy, however you will be required to travel to different sites on occasion.

About Bridewell

One of the most exciting prospects in the UK cyber security sector today, Bridewell is a leading cyber security services company specialising in protecting and transforming critical business functions for some of the world's most trusted organisations. We are the trusted partner for operators of essential services and provide end-to-end cyber security capabilities that help our clients overcome their security challenges, allowing them to operate safely and securely.

Bridewell holds the Gold level, Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly one team.

Who are we looking for?

This is an opportunity for someone, ideally with experience of ISO standards and compliance to truly own and shape something of strategic importance to our organisation. You will be supported by wider teams, which have a vast array of deep expertise in multiple domains, so this also a great opportunity to grow within the role if desirable.

What you'll be doing

This role will focus on the BMS which is certified to ISO 27001, ISO 9001 and ISO 27701 and forms the basis for our SOC2 and Cyber Essentials Plus accreditations. The role will support the Security and Compliance Manager to ensure that Bridewell's accreditation portfolio is maintained.

• Support the delivery of Bridewell's Business Management System (BMS) from a people, process and technology perspective, working closely with key stakeholders across the business.
• Support the preparation of evidential artefacts for external auditors and partners in relation to Bridewell's accreditation portfolio incl. oversight of a central evidence repository to streamline this process.
• Maintain visibility of BMS activities and progress against goals and objectives by ensuring that the tracking is updated weekly and monthly.
• Support the management of privacy processes incl. oversight of DPIA's/RoPAs, reporting on status of completion and providing security input and support to Bridewell's Data Protection Officer as required.
• Maintain quality processes incl. working with the business to ensure critical processes are defined and documented and managing quality metrics definition and monitoring.
• Operate and maintain Bridewell's BMS framework including coordination of the internal audit schedule, interested parties' needs and expectations and legal and regulatory requirements, for example.
• Maintain all policies, procedures and standards to meet industry requirements (where relevant) and ensure these are reviewed in line with the requirements of Bridewell's BMS.
• Ensure all employees follow the required BMS processes consistently, including delivering training and championing BMS initiatives.
• Support the delivery of the Security and Risk Working Group and other governance forums, including managing actions and activity tracking.
• Conduct internal audits in line with agreed schedule and manage remediation and/or nonconformance.
• To proactively identify areas for improvement within the business, utilising the understanding of the business operations to ensure that the compliance recommendations support the business activities in a pragmatic way and improve the quality and/or security within the business.
• Record and manage any non-conformances and work with the wider business teams on relevant improvements.

You will need to have experience in:

It is critical that the Security and Compliance Officer has the right attitude and behaviours to succeed in this role which include having excellent organisational skills, being proactive and take pride in everything they do.

• Have experience of operating an Information Security Management System (ISO 27001) or generally managing and delivering on cyber security initiatives incl. controls design (SOC 2 etc.).
• Be highly organised and proactive in terms of the delivery of tasks and activities that support effective outcomes.
• Be a good communicator, listening effectively with strong written and verbal communications skills.
• Ability to pay close attention to detail, meet deadlines and remain composed when dealing with stakeholders.
• Have, or be willing to, develop good technical problem-solving skills and strong analytical and investigative skills.
• Demonstrate an inquisitive mindset that is focused around asking questions and continually learning.

Desirable (but not essential)

• Understanding of security frameworks e.g., ISO 27001, NIST CSF, PCI DSS and GDPR.
• Experience of risk assessment and management techniques.
• CISSP, CISM, CISA, or CCSK Certified
• Knowledge of Microsoft 365 and/or Azure
• ISO 27001 Lead Implementer/Auditor Certified

What's in it for you?

Our vision is to create a safe, inclusive digital world where people and organisations can thrive. Our values of Do the Right Thing, One Team and Above and Beyond emphasises the importance of the part we play in society, and our commitment to our people and clients. Our story to-date has been phenomenal, but success doesn't end here and as we continue to grow and scale, we want to keep the same culture, passion and commitment to high quality that has enabled us to get this far. Bridewell will provide a great career opportunity with continual development as well as the following:

• 25 Days Holiday - Plus buy and sell options
• Flexible Working (around core office hours)
• Performance Incentive Bonus
• Company Pension
• Employee Shareholder Scheme
• Personal Day & Birthday Off - After 1 year of service
• Family Leave - After 1 year of service
• Enhanced Maternity based on length of service
• Dedicated Training Budget
• Life Assurance
• Electric Vehicle Scheme & Cycle to Work Scheme
• Private Healthcare (incl. Gym discounts and vison care)

Location: Bridewell operates a hybrid and flexible working policy, however you will be required to travel to different sites on occasion.

Note: To be eligible for this job you must either hold SC or be eligible and willing to go through security clearance.

Bridewell values diversity in the workplace and is a fair and equal opportunity employer. We are committed to creating an equal and inclusive working environment, with the aim that our employees will be truly representative of all sections of society and each person feels respected and able to give their best.