Information Security Officer

About the role

The Information Security Officer will lead the development, implementation and continuous improvement of the Information Security Management System (ISMS) for Toyota Financial Services UK. You will ensure compliance with corporate policies, regulatory requirements and industry best‑practice frameworks while promoting a strong security culture across the organisation.

Key responsibilities

• Maintain and mature the ISMS in line with ISO27001:2022, GDPR, SOX, PCI‑DSS and Cyber Essentials Plus.
• Develop, update and enforce information security policies and procedures.
• Manage third‑party due‑diligence, supplier security reviews and contract assessments.
• Produce regular security metrics, risk register updates and senior‑leadership reports.
• Operate GRC and supplier assessment tools, and oversee audit findings and remediation activities.
• Collaborate with the Data Protection Officer, Legal and Compliance teams to protect organisational data.
• Run the Information Security Awareness programme, including training schedules and monthly phishing simulations.
• Lead the annual Security Incident Response Test and ensure remediation of identified gaps.

Required profile

• Proven experience in information security within a regulated financial environment.
• Strong knowledge of ISO27001, GDPR, SOX, PCI‑DSS and Cyber Essentials frameworks.
• Ability to work with senior leadership and cross‑functional teams.
• Experience managing risk registers and security incident response testing.

Required skills

• ISO27001:2022 implementation and maintenance
• GDPR compliance
• Sarbanes‑Oxley (SOX) controls
• PCI‑DSS requirements
• Cyber Essentials Plus certification
• GRC tool administration
• Supplier assessment tool usage
• Risk register management
• Security Incident Response testing
• Phishing campaign coordination

What we offer

• Competitive salary
• Annual bonus
• Car allowance
• Extensive benefits package