Cyber Risk and Compliance Analyst

Overview
Monday – Friday (37.5 hours per week, hybrid).

Benefits

- 25 days holiday (rising to 28 after 3 years' service) plus bank holidays.
- Private Medical via Vitality, with reward schemes paid for you and your family.
- Health cash plan via Simply Health for employees and children.
- Pension: Oodle will contribute 5% of your salary into your pension pot.
- Free breakfast, drinks and fruit in the office.
- Employee discounts for major shops.
- 1 volunteer day per year.
- Mental health care: 6 free counselling sessions via our EAP.
- Paid sick leave: enhanced company sick pay.
- Enhanced family leave: enhanced leave for primary and secondary caregivers.

What you'll be getting up to

- Maintain and operate the Cyber Risk Register, ensuring timely tracking and treatment of issues. Provide reporting for key governance committees.
- Deliver the Information Risk Assessment Programme, engaging business and technical stakeholders to assess and manage cyber threats and risks.
- Deliver Supplier Risk Assessments, working with procurement and business teams to assess and monitor third-party risk through the supplier life-cycle.
- Facilitate and document Security Risk Exceptions.

Cyber Training and Awareness:
- Contribute to the design and rollout of security awareness content and phishing simulation programmes to embed a strong cyber culture.

Security Policy Framework:
- Support ongoing development, maintenance, and communication of the organisation's Security Policy framework, reviewing and updating policies and procedures.

Cyber Security and Resilience Compliance:
- Coordinate compliance efforts across standards such as PCI-DSS, audits, user access reviews, and FCA operational resilience requirements. Work with stakeholders to manage remediation actions and audit responses.

Support Cyber Incident Management:
- Act as a supporting resource in cyber incident response activities, logging, tracking and learning from incidents and near misses.

Qualifications
- A minimum of two years' experience in a cyber risk / information security role.
- Working knowledge of cyber risk frameworks (e.g. ISO 27001, NIST CSF).
- Experience maintaining risk registers and conducting information risk assessments, including supplier risk assessments.
- Understanding of regulatory and compliance requirements (e.g. PCI-DSS).
- Excellent communication skills, with the ability to articulate technical and risk concepts to diverse stakeholders.
- Proactive and structured approach to managing tasks and stakeholders.
- Collaborative mindset to strengthen the organisation's security posture, in line with business objectives.
- Certified qualifications such as CRISC, CISMP, CISM, CISSP, ISO 27001 Lead Implementer, or equivalent.
- Experience with GRC tools (e.g. OneTrust, Archer, Protecht).
- Awareness of cloud platforms and SaaS (e.g. Microsoft Azure, M365, AWS) and associated security risks.
- Understanding of SYSC15 Operational Resilience (FCA Handbook).
- Exposure to incident management or data breach support.

Our values
- Embrace being human
- Strive for awesome
- Everyone's a builder
- Bravely honest
- Think customer

Oodle is proud to be an inclusive workplace and recognises that diversity of experience, thoughts and backgrounds leads to better outcomes. We have DEI networks to support our culture.