Information Security Management System (ISMS) Controller

We are seeking a highly motivated Information Security Management System (ISMS) Controller to join our growing Information Security Team at GMSL.

Apply with your CV and covering letter


We are seeking a highly motivated Information Security Management System (ISMS) Controller to join our growing Information Security Team at GMSL.  This role will be responsible for a number of activities and take ownership of the continued improvement of our ISMS as we move forward on our journey to IS0 27001 compliance.

Company Overview

GMSL is the market-leading provider of 24/7 energy portfolio management services and software in Europe and plays a vital role in the energy business. We have unparalleled expertise in the industry, built up over 25 years of operating in energy markets throughout Europe. Our software is used by some of the largest energy companies in the world and is developed using our unique operations experience, giving us clear insight into our customers’ needs. For more background on GMSL see

Reporting to the Information Security Manager, this newly created role is an exciting opportunity for an experienced ISMS Controller to join a well-established and collaborative team.


The responsibilities of the ISMS Controller include:

  • Developing and maintaining appropriate information security policies, procedures, standards and frameworks and ensuring they are aligned with ISO/IEC 27001.
  • Identifying, assessing, and prioritising information security risks, and developing strategies to manage and mitigate these risks effectively.
  • Assessing and managing information security risks associated with third-party vendors and GMSL’s customers.
  • Developing policies and procedures to protect information assets.
  • Conducting regular reviews and risk assessments of information security controls and processes.  Implementing lessons learned to ensure continued improvement and staying abreast of emerging threat, vulnerabilities and best practices in information security.
  • Preparing security and risk reports for GMSL’s leadership and key stakeholders.
  • Implementing ongoing security awareness training programs to educate employees about the latest cyber threats and best practices.
  • Supporting, where appropriate, information security incidents and IT transformation projects.
  • Monitoring regulatory changes and ensuring compliance with laws, regulation and industry standards, specifically ISO/IEC 27001 standards.

Your experience

We are looking for someone who can be involved in designing, implementing, and maintaining GMSL’s ISMS to ensure compliance with the ISO 27001 standards. In view of this we are looking for someone who has:

  • Experience of implementing an ISMS in a range of organisational settings, including preparation for audit.
  • 3+ years of experience in information security or a related field.
  • Demonstrable understanding of information security principles, frameworks, specifically ISO27001, and best practices including knowledge of various security technologies, threat landscape, vulnerabilities and mitigation strategies.
  • Understanding of the terms and definitions used in the ISO 27001 Standard, including risk and options for risk assessments.
  • Familiarity with regulatory and compliance requirements (such as GDPR, NIS).
  • Proven policy, procedure and standard development experience.
  • Exceptional skills in conducting information security assessment and audits, with the ability to interpret results and present to leadership.
  • Excellent verbal and written communication skills.


The successful candidate will likely demonstrate the following traits, related to the requirements of the role:

  • Is detail-oriented, self-motived and able to work independently.
  • Has strong organisational skills and is analytical.
  • Is good at problem solving and with strong communication skills.

Preferred Qualifications

  • ISO 27001 Implementer or Lead Implementer

It would be beneficial to have ISO 27001 Lead Implementer and experience of MS Excel, MS Word.

It would be relevant to have ISO 27001 Lead Auditor and SharePoint experience, but not essential.


Salary will be reflective of your level of experience.

  • Location              Cambridge – Hybrid (3 days in the office, 2 days flexible working)
  • Job type               Permanent
  • Hours                   Mon-Fri, 37.5 hours per week


Our benefits include:

  • Annual discretionary bonus scheme
  • Company pension scheme (6% employer contribution)
  • 25 days’ holiday
  • Private health care
  • Flexible working hours and remote working
  • Casual dress and a relaxed environment
  • Employee assistance program
  • Loyal service award
  • Cycle to Work scheme
  • Fresh fruit and great coffee
  • Free access to Cambridge University Botanic Gardens
  • Monthly team pub lunches

How to apply

To apply, simply email us your CV and covering letter to

GMSL have a responsibility to ensure that all employees are eligible to live and work in the UK, proof of right to work in the UK will be requested prior to employment.

Return to Main Careers Page