Information Security Officer

THE ROLE

AsanInformation Security Officer at Form3youllplay a pivotal role in strengthening and evolving our information security governance risk and compliance practices. Working within the Information Security teamyoullhelp ensure that Form3 continues tooperatesecurely andmaintainthe trust of our customers and partners.

Youllwork closely with teams across the organisationfrom Engineeringand Product toLegaland Riskteamsto embed security into business and technology decisions. This is a hands-on role that combines strategic oversight with practical execution ensuring our controls frameworks and awareness initiativesremainindustry leadingas we scale globally.

Whatyoulldo

• Apply expert knowledge of security frameworks and controls such as NIST ISO22301 ISO27001 ISO27017/18 ISAE3000/SOC2 and GDPR to support security governance.
• Support the development maintenance and continual improvement of the ISMS and BCMS.
• Assistin drafting andmaintainingInformation Security Policies and ensure alignment with business andcustomer requirements.
• Contribute to the planning and execution of external audits engaging directly with auditors and customers.
• Monitor and report on adherence to securitycontrolsacross all areas of the businessvia risk assessmentsand internal audits.
• Assess and support the remediation of information security risks non-conformities and issues across systems and services.
• Support vulnerability management processes from triage and tracking to remediation reporting in partnership withOffensive Security andEngineering teams.
• Conduct vendor and third-party security assessments ensuring suppliers meet Form3s security and compliance requirements.
• Partnerwith theDefensive Engineeringteamto ensure securityrequirements are built intoproductdevelopments.
• Deliver and enhance security awareness and training initiatives to promote a strong security culture across Form3.
• CollaboratewiththeSecurity Operations teamtomaintainsituational awareness of emerging threats and vulnerabilities ensuringtimelyescalation and risk-based response.

WERE LOOKING FOR

Form3s Information Security Governance Risk and Compliance (GRC) team plays a critical role in protecting the organisation sowerelooking for someone who is analytical collaborative and passionate about driving security on solving complex problems balancingdeeptechnicalknowledgewith strong governance principles and finding ways to make security scalable across a fast-moving cloud-native business.

Essential

• 5 years experience in Information Security ideally within a fast-paced technology or financial services industry.
• Strong working knowledge of frameworks such as ISO27001ISO22301SOC1 SOC2NIST and GDPR.
• Proven experience developing implementing and improving information security policies standards and controls aligned to recognised frameworks.
• Hands-on experience conducting audits risk assessments and business impact analyses.
• Hands-on experiencewith vulnerability managementwithin a complex and dynamic cloud environment
• Broad understanding ofcloud security
• Excellent communication and stakeholder engagement skills with the confidence to influence at all levels of the organisation.
• Analytical mindset with a focus on continual improvement and measurable outcomes.

Desirable

• Security-related qualifications such as CISSP CISM CISA or ISO27001 Lead Implementer/Auditor.
• Experience leading certification and attestation programmes such as ISO27001 ISO22301orSOC 2
• Experienceoperatingin regulated or high-availability environments such as financial services payments or critical infrastructure.
• Familiarity with GRC tooling and automation to streamline compliance risk and control management activities.

THE TEAM

This role sits within Form3s Information Security Governance Risk and Compliance (GRC) team and reports directly to the Head of GRC. As part of a highly collaborative security functionyoullplay a key role in shaping how Form3 managesinformation securityrisk compliance and assurance across all areas of the business.

The GRC team underpins Form3s securitystandardsdesigning andmaintainingthe frameworks policies and controls that keep our people systems and customers safe. Joining at this stage offers the opportunity to make a significant impact strengthening governance andcomplianceacross a cloud-native environment while helping define how security scales with the business.

INTERVIEW PROCESS

Stage 1:ScreeningCall with Talent Team

Stage 2:Interview with Principal Security Officer

Stage 3:Interview with Head of GRC

We always aim to stick to the above process however there may be occasions when anadditionalinterview stage is needed for us to be surewerehiring the right person!

HIRING LOCATIONS

Weare able toaccept applications from theUKonly.

All new joiners start their first day in our office to collect the equipment needed to work remotely. Well also arrange for some of your team to come in to say hi ensuring youre supported and have a positive first few days with Form3!

ABOUT FORM3

Revolutionising the world of payments with ourcutting-edgetechnology and innovative solutions. For more information aboutlife atForm3 check out the following pages:

What we doLife at Form3Benefits Podcasts

Required Experience:

Unclear Seniority