About Us:
HEFESTIS is a not-for-profit, member-owned shared services organization committed to delivering top-notch cybersecurity solutions tailored to education and public sector clients across the UK. With a mission to elevate the security of its member institutions, HEFESTIS adopts a collaborative approach and applies expertise across five key areas: Assessment, Governance, Strengthening, Preparing, and Assurance.
Position Overview:
We are seeking a driven and proactive Information Security Officer (ISO) to join our dynamic CISO Office team. Reporting directly to the Head of Cyber Security Services (Managing CISO), the ISO will play a pivotal role in ensuring the security and compliance of information systems for clients nationwide. The role requires a self-motivated individual with a growth mindset, strong technical expertise in information security, cyber risk management, client engagement, and a passion for making a measurable impact.
What Will Your Role Look Like?
Are you ready to take on an impactful role in securing the UK’s education and public sector landscape?
Engagement Leadership:
- Lead and manage information security programs for multiple academic and public sector clients.
- Work collaboratively with client stakeholders to understand their security needs and create tailored solutions.
Assessment:
- Conduct in-depth security assessments aligned with national security standards to identify risks and vulnerabilities within client environments.
- Deliver actionable recommendations to strengthen security posture.
Governance:
- Assist clients in developing and implementing information security governance frameworks in line with best practices and industry standards.
- Support the rollout of security strategies, policies, procedures, and compliance requirements.
Strengthening:
- Collaborate with clients to create improvement plans and enhance their security controls and practices, contributing to effective risk management.
- Lead training and awareness sessions to foster a security-focused mindset within client organizations.
Preparing:
- Develop incident response plans and business continuity strategies, enabling clients to respond to security threats effectively.
- Conduct simulations and tabletop exercises to refine incident response capabilities.
Assurance:
- Deliver ongoing assurance services through regular security reviews and audits.
- Evaluate and report on the efficacy of security measures and compliance with relevant policies, frameworks, and regulations.
Qualifications and Experience:
- A Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s degree preferred).
- Solid expertise in information security and risk management, particularly in client-facing roles (ideal candidates will have 10 years of experience, though strong mid-level applicants are encouraged to apply).
- Certifications such as CISSP, CISM, CISA, C|CISO, or similar.
- Comprehensive understanding of security frameworks, including ISO 27001, NIST CSF2, NCSC CAF3, CIS 8.1, CE/CE+, and UK GDPR compliance.
- Excellent communication and interpersonal skills, with a proven ability to build relationships across diverse audiences.
- Strong experience in conducting security assessments and establishing governance frameworks.
- Demonstrated expertise in driving cyber transformation and embedding operational security excellence.
- A self-starter capable of managing multiple projects and clients, delivering impactful results independently.
- Eligibility to work in the UK and the ability to obtain DBS clearance.
What We Offer:
- Competitive Salary: Tailored to attract top talent.
- Benefits Package: Includes membership in the company pension scheme, cycle-to-work savings, retail discounts, and gym memberships.
- Generous Holiday Allowance: 26 days annual leave plus 14 fixed/floating days per year.
- Work Pattern: Enjoy a 35.625-hour workweek with a 9.5-day fortnight working arrangement, offering alternate Friday afternoons off for a better work-life balance.
- Team Culture: A friendly and inclusive environment that prioritizes regular communication and fosters connection among team members.
- Work Flexibility: Hybrid and adaptable working arrangements to suit individual needs.
- Professional Development: Access to continuous learning opportunities and career development pathways.
- Collaborative Work Environment: Join a supportive organization focused on creating meaningful change.
- Mission Impact: Contribute to enhancing the cybersecurity of public sector and academic organizations across the UK.
Application Process:
Interested candidates should submit their CV and a cover letter outlining relevant qualifications and experience via the ‘Apply’ button above or email [email protected]. Applications close on 16th January 2026.
HEFESTIS Ltd is committed to fostering diversity and inclusion and welcomes applications from individuals of all backgrounds.