Security & Compliance Officer
Bridewell is one of the most exciting, fastest growing Cyber Security services businesses, with a strong track record for delivering complex projects and providing excellent customer service. Bridewell has an exciting and varied portfolio of clients across Critical Infrastructure and Financial Services. Bridewell supports its clients by providing a holistic set of transformational and managed services across Cyber Security, Managed Security Services, Penetration Testing and Data Privacy. Bridewell is certified by the National Cyber Security Centre (NCSC), CREST, CAA ASSURE Cyber Company, IASME and is a PCI DSS QSA company. Operating as a highly accredited cyber security services company provides assurance to our customers regarding our methodologies and enables us to focus on supporting highly regulated industries.
Bridewell’s vision is to create a safer, inclusive digital world where people and organisations can thrive, which emphasises the importance of the part we play in society, and our commitment to our people. Bridewell is a multiple award-winning company, winning awards such as Cyber Business of the Year at The National Cyber Awards.
Finally, the efforts Bridewell has made with its people and culture have been recognised and we currently hold Silver accreditation for Investors in People, have been shortlisted as ‘Employer of the Year’ by the Investors in People Awards and have a five-star Glassdoor rating. Bridewell are passionate about developing its people and the successful candidate will be offered world leading training, underpinned by a supportive team of experts that are focussed on ensuring you succeed.
The Opportunity
Bridewell is looking for an internal Security & Compliance Officer to deliver and manage our Business Management System (BMS) and associated certifications.
This is a new and exciting role within Bridewell, where you will get the chance to meet and engage with all areas of the organisation. At Bridewell we are passionate about demonstrating our capabilities and commitments to our clients and as such, we are one of the most accredited organisations within the UK. The role will focus on the BMS, which is certified against ISO27001, ISO9001, ISO27701, SOC2 and Cyber Essentials Plus, and the successful candidate will ensure that the accreditations are maintained and, where required, integrate new standards.
This is an opportunity for someone, ideally with experience of ISO standards and compliance, to truly own and shape something of strategic importance to our organisation. You will be supported by wider teams, which have a vast array of deep expertise in multiple domains, so this is also a great opportunity to grow within the role if desired.
The successful candidate will report directly to Bridewell’s Head of Operations and will engage with Board members as and when required.
Responsibilities
As a Security & Compliance Officer, you will operate within a dynamic and diverse working environment where you will be expected to:
- Own and manage Bridewell’s BMS from a People, Process and Technology perspective, working closely with key stakeholders across the business.
- Be the primary point of contact for and manage all external auditors and partners in relation to Bridewell’s accreditations.
- Undertake risk assessments of the organisation and manage the ongoing reviewing and remediation process.
- Ensure all Policies, Procedures and Standards are reviewed, aligned with best practice, meet industry requirements where relevant and remain relevant to Bridewell’s operating context.
- Ensure all employees follow the required ISO processes consistently, including delivering training, undertaking internal audits and engaging with the business functions to ensure that the documentation is up to date.
- Report on any non-conformances and work with the management team on continuous improvement.
- Coordinate and own supplier assurance activities, working closely with Bridewell’s Data Protection Officer, Administration and IT Departments.
- Creation, maintenance and management of annual and periodic awareness training to reduce risk and support Bridewell’s accreditations.
- Own the process and response to client requests for information, as part of due diligence and/or audit activity.
- Develop and manage formal roles and responsibilities for Bridewell’s compliance activities, ensuring all stakeholders are aware of their responsibilities and are able to fulfil them.
- Support the sales function with information related to our BMS and accreditations when required for bids.
- Provide periodic reporting on Bridewell’s compliance position, including key performance indicators under an agreed frequency.
- Work with Bridewell’s Learning Management System to ensure compliance requirements are met.
- Prepare and ensure that all evidence requirements are present and stakeholders are made available for certification audits, ensuring Bridewell remains certified.
- As deemed appropriate by Bridewell, either manage or support the delivery of List X and List N Status.
- Attend Bridewell Company events, which provide excellent opportunities to meet new people and grow your network within the company.
- Learn about Bridewell’s company values and how these can drive behaviours to be successful in the role.
- Be able to travel, as and when required across the UK.
Candidate Requirements
We’re looking to ensure that the successful candidate has the right attitude and behaviours to succeed in this role, which include having excellent organisational skills, being proactive and taking pride in everything they do.
- Have experience of implementing or managing an Information Security Management System (ISO27001) or generally managing and delivering on cyber security activities.
- Be highly organised and proactive in terms of the delivery of tasks and activities that support effective outcomes.
- Be self-motivated, with the ability to work on your own or as part of a team.
- Be a good communicator, listening effectively with strong written and verbal communications skills.
- Have a willingness and ability to develop your skills as and where required.
- The ability to pay close attention to detail, meet deadlines and remain composed when dealing with stakeholders.
- Work independently at times and to actively collaborate as part of the team.
- Have, or be willing to develop, good technical problem-solving skills and strong analytical and investigative skills.
- Demonstrate an inquisitive mindset that is focused around asking questions and continually learning.
- Awareness of current cyber security risks and industry news.
- Hold SC clearance or have the ability to achieve it.
Desirable (but not essential)
- High level understanding of security frameworks e.g., ISO 27001, NIST CSF, PCI DSS and GDPR.
- Understanding of Government Security requirements, particularly List X or List N.
- Vast experience of risk assessment and management techniques.
- CISSP, CISM, CESG CCP, CISA or CCSK certified.
- Knowledge of Microsoft 365 and/or Azure.
- ISO27001 Lead Implementer certified.
Bridewell will provide a great career opportunity with continual development as well as the following:
- Competitive Salary
- 25 days holiday
- Flexible Working (around core office hours)
- Profit Share Scheme
- Company Pension
- Employee Shareholder Scheme
- Dedicated training budget
- Home Office equipment (for remote working employees)
- Cycle to Work Scheme
- Electric Vehicle Scheme
- Private Healthcare (incl. Gym discounts)
- Vision Care
- Birthday off (After 1 year)
- Department: Internal Operations
- Locations: Cardiff, Cheltenham, Edinburgh, London, Manchester, Newcastle Upon Tyne, Nottingham, Reading
- Remote status: Hybrid Remote