Information Security Officer
About the role
Aareon UK builds software that housing providers and property professionals rely on every day. As our product set grows, security and data protection matter more than ever. We're hiring a UK Security Officer to take ownership of security across the UK business.

This is a senior role covering security across applications, platforms, infrastructure, and engineering. You'll also act as the UK Information Security Officer, helping protect customer data, maintain compliance, and keep security practical in day-to-day delivery. You'll be the main UK contact for the Group Security Operations Centre in Germany, making sure group direction works in practice for the UK business. You'll own the UK security programme, build on what is already in place, and help bring more consistency across our UK brands.

Team & Scope

This is initially an individual contributor role with strong matrix influence across teams. It works alongside CloudOps, IT, Legal, Compliance and Engineering.

What You'll Be Responsible For

1. Developing and running the UK security strategy

Set and deliver a clear UK security strategy that aligns with group direction while working for the UK business. You'll turn group guidance into practical local plans, set priorities, and help leadership make sensible investment decisions. A key part of the role is bringing more consistency across our UK brands. You'll also help shape and manage the UK security budget, making sure investment is focused on the right risks, controls, and priorities.

2. Governance, risk and compliance

Own and improve our UK security governance. That includes the ISMS, policies, risk management, and the controls needed to meet our obligations. You'll make sure we stay on top of ISO 27001, ISO 9001, Cyber Essentials, GDPR, and any relevant customer or sector requirements. You'll also support audits, due diligence, customer assurance activity, and third-party risk management, helping coordinate evidence, maintain assurance readiness, and improve how we manage security obligations across the UK business.

3. Security operations, vulnerability management and incident support

Help oversee day-to-day security operations for the UK, working closely with CloudOps and the Group SOC. You'll support and coordinate security incidents when they happen, making sure the right people are involved and that follow-up actions are properly seen through. You won't always lead incidents, but you will provide clear security ownership. You'll also own penetration testing and vulnerability management, helping teams make sensible, risk-based decisions about remediation, sequencing, and technical debt.

4. Security in engineering and platform delivery

Work with engineering, architecture, product, platform, and DevOps teams to make sure security is built into how we design, build, and run systems. This includes secure coding, design reviews, threat modelling, DevSecOps practices, and cloud security. The role is about working with existing technical experts to make good, pragmatic, well-informed security decisions.

5. Policy, awareness and cross-functional working

Keep our security and quality policies and standards up to date, practical, and usable. Support security awareness through clear guidance, communication, and training where needed, while aligning with group-led activity where that is handled centrally. You'll work across engineering, product, IT, data, legal, compliance, HR and operations to keep security visible and joined up across the business.

6. Resilience, disaster recovery and business continuity

Work with technical and business teams to strengthen disaster recovery strategy and business continuity planning across the UK estate.
You'll help make sure recovery expectations are clear, plans are practical, risks are understood, and resilience is tested in a proportionate wa