IT security officer & ISO lead

About Scrumconnect

Scrumconnect Consulting is a UK-based digital transformation consultancy delivering agile, secure technology solutions for public and private sector clients. This is a fully remote role based in India, supporting our UK operations and client base. You will work closely with our UK leadership team and must be comfortable operating within UK regulatory and legal frameworks.

The Role

As IT Security Officer & ISO Lead, you will own Scrumconnect's information security programme end-to-end. You will ensure our policies, practices, and certifications meet UK legal requirements and international ISO standards. This is a hands-on  role with direct visibility to UK senior management, requiring a thorough understanding of the UK regulatory landscape alongside strong technical security expertise.

Key Responsibilities

•  Lead ISO certification and ongoing ISMS compliance across the organisation.

•  Ensure all security policies and practices comply with UK legislation and government guidelines.

•  Manage day-to-day IT security operations: SIEM, firewalls, endpoint protection, access controls, and vulnerability management.

•  Conduct risk assessments, internal audits, and third-party vendor security reviews.

•  Own and maintain the Incident Response Plan, lead response and post-incident reviews.

•  Deliver security awareness training to staff across UK and India teams.

•  Report on security posture and risk to UK senior leadership on a regular basis.

Requirements

Candidates must have strong, working knowledge of the following:

UK Laws & Legislation

•  UK General Data Protection Regulation (UK GDPR)

•  Data Protection Act 2018

•  Network and Information Systems (NIS) Regulations 2018

•  Computer Misuse Act 1990

•  Freedom of Information Act 2000 (relevant to public sector clients)

•  UK Privacy and Electronic Communications Regulations (PECR)

UK Government Security Frameworks & Guidelines

•  NCSC (National Cyber Security Centre) guidelines and advisories

•  Cyber Essentials and Cyber Essentials Plus certification framework

•  HMG Security Policy Framework (SPF)

•  UK Government's 10 Steps to Cyber Security

•  GDS (Government Digital Service) security standards

What We're Looking For

•  2+ years in IT security or information security roles.

•  Exposure to ISO 27001 , IS0 20000 controls and certification documents/process

•  Proven, hands-on knowledge of UK GDPR, Data Protection Act 2018, and NCSC guidelines.

•  Experience working with or supporting UK-based organisations or clients.

•  CISSP, CISM, CISA, or CompTIA Security+ (held or in progress).

•  Hands-on experience with SIEM platforms, vulnerability tools, and cloud security (AWS/Azure/GCP).

•  Excellent written and spoken English — able to communicate clearly with UK stakeholders.

•  Comfortable working UK business hours (GMT/BST) from India.

•  Degree in Computer Science, Information Security, or a related field.