Information Security Officer

Posted about 1 month ago
UK, Full-Time, Information Security
Company: Form3 - External
Location: UK
Languages: English
Seniority level: Senior, 5+ years
Experience: 5+ years
Skills:
Cybersecurity, Compliance, Risk Management
Requirements:
5+ years’ experience in Information Security, ideally within a fast-paced technology or financial services industry.
Strong working knowledge of frameworks such as ISO27001, ISO22301, SOC 1, SOC 2, NIST, and GDPR.
Proven experience developing, implementing, and improving information security policies, standards, and controls aligned to recognised frameworks.
Hands-on experience conducting audits, risk assessments, and business impact analyses.
Hands-on experience with vulnerability management within a complex and dynamic cloud environment.
Broad understanding of cloud security.
Excellent communication and stakeholder engagement skills, with the confidence to influence at all levels of the organisation.
Analytical mindset with a focus on continual improvement and measurable outcomes.
Security-related qualifications such as CISSP, CISM, CISA, or ISO27001 Lead Implementer/Auditor (Desirable).
Experience leading certification and attestation programmes such as ISO27001, ISO22301 or SOC 2 (Desirable).
Experience operating in regulated or high-availability environments such as financial services, payments, or critical infrastructure (Desirable).
Familiarity with GRC tooling and automation to streamline compliance, risk, and control management activities (Desirable).
Responsibilities:
Apply expert knowledge of security frameworks and controls (NIST, ISO22301, ISO27001, ISO27017/18, ISAE3000/SOC2, GDPR) to support security governance.
Support the development, maintenance, and continual improvement of the ISMS and BCMS.
Assist in drafting and maintaining Information Security Policies and ensure alignment with business and customer requirements.
Contribute to the planning and execution of external audits, engaging directly with auditors and customers.
Monitor and report on adherence to security controls across all areas of the business via risk assessments and internal audits.
Assess and support the remediation of information security risks, non-conformities, and issues across systems and services.
Support vulnerability management processes, from triage and tracking to remediation reporting, in partnership with Offensive Security and Engineering teams.
Conduct vendor and third-party security assessments, ensuring suppliers meet Form3’s security and compliance requirements.
Partner with the Defensive Engineering team to ensure security requirements are built into product developments.
Deliver and enhance security awareness and training initiatives to promote a strong security culture across Form3.
Collaborate with the Security Operations team to maintain situational awareness of emerging threats and vulnerabilities, ensuring timely escalation and risk-based response.