Information Security Officer at Once For All UK
BR7, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

09 Nov, 25

Salary

70000.0

Posted On

10 Aug, 25

Experience

3 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Sensitive Information, Crisis Management, Iso, Continuous Improvement, Architecture, Teamwork, English, Siem, Spanish, Security Audits, B2, Incident Response, French, International Regulations, Operating Systems, Edr, Risk Assessment, Firewalls

Industry

Information Technology/IT

Description

Once For All is a high-growth, cloud-based, SaaS subscription business. Our technology helps our customers to manage their supply chain governance, risk management and compliance. We work across the public and private sectors and have over 250k customers across the UK in 20 different sectors, including construction, transport, retail, hospitality, education, facility and property management, manufacturing, and local and central government.
Role Summary:
The Information Security Officer is responsible for implementing, maintaining, and overseeing information security and cybersecurity policies, procedures, and controls to protect the organization’s digital assets. They work closely with the CISO, Legal, Compliance, technical and business teams to ensure proactive protection against cyber threats, regulatory compliance, risk management and response to security incidents.
The role will build relationships with departments to ensure identification and continuous progression of security threats in our fast-paced SaaS technology business. This role blends operational security, threat intelligence, and user education to support a robust security posture across the organisation.

CANDIDATE REQUIREMENTS:

  • Minimum of 3 years in a similar cybersecurity role.
  • Experience of developing and implementing security policies and procedures to meet ISO and other standards.
  • Experience in protecting confidential and sensitive information.
  • Working knowledge of networks, operating systems, firewalls, proxies, EDR, SIEM, Cryptology and AI.
  • Experience in crisis management and incident response.
  • Up-to-date knowledge of emerging security trends and technologies.
  • Ability to develop and integrate contingency plans.
  • Experience in Cybersecurity risk assessment and management.
  • Knowledge of security audits and supervision in accordance with European and International regulations.
  • Proven experience of protecting SaaS environments.
  • Proven skills in analysis and teamwork.
  • Ability to speak English (C1) and French (B2).
  • Ability to speak Spanish to C1 level desired.
  • Ability to communicate clearly with technical and non-technical stakeholders at all levels of the business.
  • Experience supporting SOC 2, NIS2, ISO 27001, or GDPR compliance programs.
  • Knowledge of SaaS architecture and cloud platforms (e.g., AWS, Azure, GCP).
  • Familiarity with penetration testing methodologies and remediation workflows.
  • Passion for educating others and promoting a security-first culture.
  • Discreet and ethical approach to handling sensitive information.
  • Proactive mindset with a passion for continuous improvement in security practices.
  • May require occasional out-of-hours availability to support incident response.

RESPONSIBILITIES:

  • Develop, integrate, maintain, and establish information security policies, standards, and procedures or guidelines across the organisation.
  • Develop new organizational processes within the organization.
  • Ensure the organization’s internal regulatory compliance.
  • Monitor compliance with regulations such as ISO27001, NIST, NIS2, SOC2, ENS, or ANSSI.
  • Maintain Information Security KPIs to support the maintenance of existing certifications.
  • Analysis and management of the authorization of HR, IT, TECH and business processes.
  • Identify and manage potential risks and threats.
  • Deliver Information Security and Cybersecurity project management.
  • Monitor and manage digital access controls across cloud platforms, internal systems, and third-party tools.
  • Assist in the detection, investigation, and response to security incidents, including unauthorized access, phishing attempts, and data anomalies.
  • Collaborate with cybersecurity teams and other third parties to analyse threat intelligence feeds and proactively identify emerging risks.
  • Participate in vulnerability assessments and support external/internal penetration testing efforts.
  • Conduct regular audits of user permissions, authentication logs, and endpoint security compliance.
  • Develop and deliver security awareness training programs for employees, including social engineering simulations and best practices.
  • Maintain detailed records of incidents, access violations, and remediation actions.
  • Perform risk assessments, policy reviews and development, and continuous improvement of security operations.