Information Security Officer Consultant

Acuiti Labs is a specialist Global SAP consulting firm headquartered in London, UK, servicing clients globally for 'Consume to Cash' process transformation and optimization.

We solve business challenges and problems using the most appropriate solution architecture, technology which fits into the client's requirements and provides optimum functionalities, build tech platforms, and enable market-winning digital strategies. Our core expertise and experience are in technology R&D, digital and business strategy. We deploy efficient and effective talent solutions to enable innovation and build software products and solutions in a robust and economic manner. We also have innovative business engagement models to suit the needs of each client. For moreinformation, please visit our website.

• Most Innovative Companies in The UK - 2024
• Great Place to Work Certified - 2022, 2023, 2024 & 2025

We take pride in having a diverse and talented workforce spread across various geographical locations. We are a gender-neutral organization and we strongly believe in Diversity and Inclusion. Our core values include -

• Integrity
• Learning
• Organizational pride
• Respect

Innovation is at the heart of everything that Acuiti Labs offer. As an SAP Silver Partner, and an SAP BRIM company, Acuiti Labs has been delivering business technology solutions & digital transformation deploying SAP BRIM (Billing) on S/4HANA and cloud-based applications such as Subscription Billing, CPQ & Entitlement Management.

Acuiti Labs come with the experience of multiple industry use cases to support the subscription and consumption-based Target Operating Models. This includes Mobility-as-a-Service (Travel using Public Transport and Private Vehicles), Tourism-as-a-Service (Hotels, Entertainment Parks), Ports-as-a-Service (Airports and Seaports), Postal-as-a-Service, Telco-as-a -service, and Software-as-a-Service. "Our core expertise and experience lie in providing reliable technology, enabling digital transformation for an intelligent enterprise, and offering business strategy consulting, and deploying innovative and efficient solutions.

We are proud to be an organization that firmly believes in having a company culture that is friendly,motivating, nurturing, and challenging at the same time. we enthusiastically promote new policies and practices that ensures wellbeing of our employees.

We offer comprehensive benefits including life insurance, group medical coverage for you and your family, and personal accident protection. Enjoy a supportive work-life balance with flexible hours, paid time off, and various lifestyle perks. Be recognized with monthly rewards, spot bonuses, and growth shares, while advancing your career with training, global exposure, and onsite opportunities. We're committed to your development, diversity, and well-being.

TheInformation Security Officer (ISO)will be responsible for establishing, implementing, monitoring, and improving Acuiti Labs'Information Security Management System (ISMS)andData Protection frameworkin alignment withISO/IEC 27001:2013,ISO/IEC 27001:2022, andISO/IEC 27701:2019standards.

This role combines strategic planning, risk management, compliance oversight, and hands on execution to ensure robust protection of Acuiti Labs' information assets and adherence to regulatory and client requirements.

1. Planning

• Define information security goals and objectives aligned with Acuiti Labs' business strategy.
• Establish the scope and boundaries of the organization's ISMS.
• Develop and maintain information security policies, standards, and guidelines.
• Create classification policies for information assets and ensure appropriate handling procedures.
• Plan and implement ISMS in compliance withISO/IEC 27001standards.
• Develop risk management and security implementation frameworks with measurable KPIs.
• Define and maintain a process for continuous review and improvement of security policies and procedures.

2. Information Security Management

• Maintain and improve the organization-wideInformation Security and Risk Management Plan.
• Ensure integration of security principles into all business and IT processes.
• Conduct regularrisk assessments, vulnerability analyses, and impact assessments.
• Define and implementrisk treatmentandresidual risk evaluationmeasures.
• Oversee incident response, including documentation, analysis, and remediation of security breaches.
• Monitor compliance with legal, regulatory, and contractual requirements.
• Lead organization-widesecurity awareness and training programsand measure their effectiveness.
• DriveBusiness Continuity and Disaster Recovery Planning (BCP/DR)initiatives, including periodic drills and updates.
• Manage change control processes for ISMS and IT infrastructure updates.
• Ensure vendor and contractor compliance with organizational security standards.

3. Data Protection Officer Responsibilities

• Serve as the primary point of contact fordata privacy and protection matters.
• Ensure compliance withISO/IEC 27701:2019,GDPR, and other relevant data protection laws.
• Maintain detailed records of all data processing activities.
• Conduct periodicdata protection impact assessments (DPIAs).
• Respond todata subject requestsand coordinate with supervisory authorities as needed.
• Monitor changes in privacy laws and update internal practices accordingly.

4. Information Security Auditing

• Conduct internalISMS auditsat least annually or after significant infrastructure changes.
• Evaluate compliance withlegal, regulatory, and organizational information security requirements.
• Prepare and present audit reports with actionable recommendations to senior management.
• Lead remediation efforts and ensure timely closure of audit findings.

• Bachelor's or Master's degree in Information Technology, Computer Science, or related field.
• Relevant certifications such asCISSP, CISM, CISA, or CRISCare highly desirable.
• 5-10 years of progressive experience in Information Security, Risk Management, or IT Governance, ideally within theIT or SAP consulting industry.
• Proven experience implementing or maintainingISO/IEC 27001andISO/IEC 27701standards.
• Strong understanding ofIT audit principles,cybersecurity frameworks, andrisk assessment methodologies.

• In-depth understanding ofinfrastructure security,cloud platforms (AWS, Azure),network security, andidentity management.
• Experience withMicrosoft technologies(Windows Server, Active Directory, M365) andServiceNow.
• Strong knowledge ofSAP ecosystemsecurity considerations preferred.
• Exceptional communication, leadership, and stakeholder management skills.
• Ability to work independently, manage multiple priorities, and drive cross functional collaboration.
• Strong ethical standards, analytical mindset, and commitment to continuous improvement.
• Awareness of global data privacy regulations and cybersecurity trends.