Information Security Specialist

Permanent - Up to -75k + strong benefits

Location: Hybrid - Leatherhead

Your new company:

A leading construction and development company in Surrey is currently looking for an Information Security Specialist to come in and support the existing IT Security Manager to improve and maintain their governance, risk and compliance (GRC) capability and help us continually improve our ISO 27001 Information Security Management System (ISMS). The role is full-time, with a hybrid working pattern usually around 2/3 days a week in the office in Leatherhead.

Role responsibilities:

You will be supporting the IT Security Manager across a broad variety of work. You''ll apply hands-on expertise across both public and private sector programmes-particularly UK government and construction.

• Own and improve our ISMS: Develop, implement and maintain our ISO 27001 aligned ISMS, report on control effectiveness and drive continuous improvement.
• Run regular security risk assessments and gap analyses to identify vulnerabilities in policies, procedures and configurations, and track remediation.
• Create and maintain security policies, procedures and controls tailored to construction and government-related projects.
• Act as the primary liaison to project teams, Build Asset Security Managers and Information Controllers-especially on UK government contracts.
• Lead audits and reviews to confirm conformance with Wates Professional Standards.
• Deliver guidance and training on security best practice and supply chain compliance across teams and functions.
• Conduct supplier due diligence and security assessments, ensuring appropriate third-party controls.
• Provide monthly Key Risk Indicator (KRI) reporting to the IT Security Manager.

You will need:

• Technical skills and strong communication skills
• Experience with UK government security requirements and procurement processes.
• Understanding of construction industry security risks and regulation.
• Willingness to get stuck in and converse with other business departments.
• ISO 27001 Lead Implementer or Lead Auditor (mandatory). CISM/CISM would be beneficial but not mandatory.
• Strong GRC background with proven delivery of ISO 27001 compliant ISMS.
• Broad knowledge of security frameworks and best practice.
• Good analytical skills
• Highly organised and able to implement and manage robust governance processes.
• To undergo a BPSS, and potentially SC security check.

What you''ll get in return:

This role is available for hybrid working with a typical requirement to work 2 or 3 days per week in the Leatherhead office. Salary up to the -75k mark.

• 26 days holiday plus bank holidays
• 8% pension employers'' contribution
• Training budgets
• PMI
• Strong maternity and paternity benefits.
• And more!

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C''s, Privacy Policy and Disclaimers which can be found at (url removed)