Information Security Officer - England - ref. e83305419

ABOUT HOMEPROTECT

We founded Homeprotect on a simple principle – to provide protection to people underserved by the home insurance industry.

We’re experts at insuring people who want to build or buy a unique property, renovate, rent a home or leave it unoccupied. We can cover people who travel a lot, run a business from home or even collect rare treasures. We protect people who love living in a listed building, having a view of a river or sunbathing on a flat roof.

We can do this because our smart tech enables our customers to get an instant, online quote to cover a huge range of complex needs and our UK customer support teams are on hand to provide information and support when only a real person will do.

We’re all unique and we all deserve home insurance designed with our individual needs in mind – something our combination of real people and smart tech enables us to do.

Our simple promise? Whoever you are and wherever you live, with Homeprotect we’ve got you covered.

WHAT IT’S LIKE TO WORK HERE

We all bring our individual expertise, an appetite for innovation and a shared ambition to empower people to protect their homes and the things that they love.

We prefer to focus on the outputs of their work, not where they complete it. That said, there will be times when getting together in one location makes sense, but day-to-day, our teams have the freedom to decide where to work and we trust that they’ll make the right decision balancing the business needs and their own preferences.

Most companies think their culture is great, however at Homeprotect, we have the proof to back this up. We have been recognised externally as a Great Place to Work for the last five consecutive years.

Sound good? Read on to find out more about joining our team…

KEY RESPONSIBILITIES

This role is crucial for driving forward our maturity in InfoSec and aligning with broader organisational objectives.

Vendor Risk Management:

• Establish and oversee a programme to assess third-party vendors, ensuring they meet our InfoSec requirements, security best practices, and emerging FCA Operational Resilience standards.
• Conduct ongoing risk evaluations, address vendor compliance gaps, and continuously update risk profiles in line with evolving regulatory expectations.
• Assess vendors IT change management to ensure change do not impact our customers.
• Assess new technology vendors and exit strategies.

GRC Management:

• Develop and maintain IT risk frameworks, perform regular risk assessments, and ensure compliance with relevant regulations (e.g. GDPR, Data Protection Act, PCI-DSS).
• Own the creation, review, and implementation of InfoSec policies, procedures, and guidelines.

Data Governance:

• Collaborate with the wider Risk & Compliance team to ensure appropriate protection and handling of IT related data assets.
• Maintain the IT Risk Register and associated treatment plans.

Audit Execution:

• Plan and complete internal and external audits relating to IT security and compliance, ensuring thorough documentation and continuous improvement.

Incident Response & BCP:

• Maintain and enhance Business Continuity Planning (BCP) and Incident Response (IR) strategies to minimise IT disruptions and meet contractual and regulatory requirements.
• Point of contact for Incidents and ensure management of mitigation plans.

Stakeholder Collaboration:

• Work closely with the wider technology, and business teams to align InfoSec practices with operational needs and regulatory requirements.

Requirements

Knowledge, Skills and Experience:

We would love to hear from people with the following skills and experience for this role:

• Demonstrable experience in a GRC or Information Security role, with a focus on policy and procedural development.
• Strong understanding of regulatory and industry standards (e.g. GDPR, Data Protection Act, PCI-DSS, Cyber Essentials, NIST).
• Track record of implementing and maturing information security frameworks within an organisation.
• Experience executing internal/external audits, and someone who sees the value in conducting such exercises.
• Skilled at risk assessment, vendor oversight, and incident management.
• Excellent stakeholder management and communication skills, enabling effective collaboration across departments and with third parties.

If you’re looking to take the next step in your InfoSec career, driving meaningful change and shaping our GRC strategy, we’d love to hear from you.

Benefits

We think we have a fantastic company culture and welcome new team members with open arms. We also offer a great range of benefits, including:

• A genuinely flexible approach to work. We are really supportive of you flexing your hours and location to help you keep everything in your life in balance
• Opportunities to focus on your professional growth whether that’s through training or other personal development opportunities - we want you to build your long-term career with us
• 50% discount on home insurance for employees
• An in-house wellbeing programme including seminars and workshops from wellbeing coaches and professionals
• Home working starter kit and money to spend on additional equipment you may need
• Charitable giving scheme, so you can donate to our partner charity, or one of your choice
• The opportunity to work alongside brilliant people, because this isn’t something that every organisation can offer!

On top of that, we also offer all the standard stuff, like:

• 25 days’ holiday (plus bank holidays) and the ability to buy and sell >5 days annually
• Private medical cover
• Life insurance
• Annual discretionary bonus scheme
• Pension contribution
• Free fruit and really good coffee for the days you come into the office
• Local and national retail discounts

Have we captured your imagination? If so, we’d love to hear from you!