Head of Information Security

London, Nottingham or Home Based

£75,000 - £85,000


Full Time


This is a full-time, permanent role located in either our London or Nottingham office or can be home based. The annual salary is based upon location. London - up to £85,000 DOE, Nottingham - up to £80,000 DOE, Home Based - up to £75,000 DOE including 10% variable bonus and benefits. We are currently running a virtual office for the foreseeable future. Our recruitment drive is continuing with new hires joining us using our remote working capabilities, with all interviews being conducted via Microsoft Teams. We ask that candidates have access to a webcam, etc., so that they can attend interviews.

Job Purpose and Scope

ElectraLink manages complex technology both for external stakeholders and to run its own business operations, enabling staff to collaborate effectively. In addition, ElectraLink is accountable for the responsible management of large data sets on behalf of the energy market, including data covered by legislation such as GDPR. The security of data and information is therefore a key business priority for ElectraLink.

The Head of Information Security will serve as the business leader responsible for the development, implementation and management of ElectraLink’s security vision, strategy and programs. They will identify, develop, implement and maintain security processes across the organisation to reduce risks, respond to incidents, and limit exposure to liability in all areas of information and data security.

In order to achieve the above, the Head of Information Security will remain technically current and apprised of the latest security standards. They will participate in peer-led forums / groups and promote security best practice and innovation across ElectraLink, as well as externally to the company.

Direct Reports / Team Operation

Direct Reports: None to start with. Over time it is anticipated that the role holder will need to build a small, focused team, as well as engage with 3rd parties to contract services to provide expertise and capability, sometimes at short notice, to support security incident investigation and remediation.

The job holder will work closely with the ElectraLink internal operational and programme delivery teams to ensure that security is properly considered as part of product or service design and that appropriate security governance, controls and measures are in place to ensure secure day-to-day operation.

Main purpose of job

To ensure that ElectraLink’s data assets are appropriately secured, owning and providing day-to-day management for all data and information security systems, applications, policies and processes.

Develop and maintain security standards and procedures for ElectraLink, and define and execute the security awareness programs required for staff to follow these standards.

Perform security risk assessments where needed, providing guidance on the implementation of all projects with information security implications across the company.

Implement and maintain KPIs and metrics to allow the monitoring of compliance with security policies and procedures against industry standard/best practice.

Maintain awareness of developments in the general security threat landscape for the energy industry, ensuring that the changing security threat landscape for ElectraLink is communicated to the Senior Management Team.

Carry out full security audits (internal and external with relevant suppliers) and ensure compliance and best practice are adhered to.

Act as a key stakeholder in the identification of cyber security risk and the design and introduction of appropriate controls and mitigation.

Management of cyber and data security incidents.

Supporting the implementation of security culture and embedding of security controls into business change and processes.

Driving security awareness and education throughout the business units. Win hearts and minds and maintain a security culture.

Supporting Security Solution engagement in Change Programs.

Principal Skills and Experience

Key skills:

  • Educated to degree level or equivalent and qualified in generalist security disciplines (such as CISSP, CISA or CISM)
  • At least 5 years’ experience of working within a senior security role.
  • Experience of working in a utilities industry or another regulated market would be preferable
  • Good understanding of relevant security standards (e.g. ISO 27001, PAS 99 Management System, NIS Directive, GDPR, etc.).
  • Experience in Data Leakage prevention
  • Experience of working with public and/or hybrid cloud environments
  • Broad IT security management knowledge, skills and experience – including appropriate tools, processes and policies to maintain cyber security
  • Detailed knowledge and understanding of legislative issues (Data Protection, Human Rights, Employment and Equal Opportunities regulations).
  • Experience in developing and delivering an organisation-wide security-related strategy
  • Experience of conducting security-based investigations and the management of such inquiries.
  • Experience of dealing with police and government agencies (e.g. the security services, the ICO, Ofgem) would be an advantage.

Key characteristics:

  • The role holder must be self-motivated, able to work on their own initiative and liaise effectively with professional staff and customers throughout the business
  • Excellent time management skills with the ability to work under pressure to tight deadlines.
  • Excellent inter-personal skills, and with the gravitas to manage, coach and direct personnel at all levels within both the ElectraLink business & external companies
  • Proven ability to gain credibility with, persuade and influence Executive, Board and operational managers and other key stakeholders.
  • Able to operate calmly and effectively in complex and challenging tasks, such as major or sensitive incidents
  • Excellent oral and written communication skills.

Recruitment Privacy Notice

As part of our recruitment process ElectraLink Ltd collects and processes personal data relating to applicants and potential employees. May we request applicants familiarise themselves with the contents of our Recruitment Privacy Notice by utilising the link below or this URL

How to Apply

Please apply to this position by utilising the “Apply Now” link below. You will be able to apply via email attaching your CV and any other documents you feel might strengthen your application.

Recruitment Privacy Notice

Apply Now