Information Security Manager

You’ll be able to help us further develop our security stance, ensuring we continue to meet our existing compliance obligations while improving our defences, supporting our staff and delivering for customers. Security is a feature of our products and built into our company, we need a great person to pick up those responsibilities and help us build upon the importance we place on it.

What is the job?

We have a solid foundation in security policies and processes, but there's more work to be done. As our platform grows, so do the complexities of securing it. We need someone who can stay well-informed about security threats, understand and assess integrations, and ensure the safe flow of customer data. Your role will be crucial in prioritising these threats, determining their severity and likelihood, and knowing when to escalate them to our CISO.

Documentation is key—knowing what we need, who needs to know it, and where it applies. You’ll be responsible for improving existing documentation, creating new policies where necessary, and ensuring everything is clear and accessible. You'll also assist service owners in applying and verifying appropriate security controls, and you'll play an active role in our security incident response team, helping us learn and improve.

Security isn’t just about keeping the doors locked—it’s about making our products easier to sell and ensuring we comply with customer requirements. We’re committed to maintaining a solid security stance and to uphold our ethical and commercial responsibilities. Our operations and engineering teams have a good sense of right and wrong, but they need a trusted advisor—someone who can ensure we’re sticking to our rules and provide clarity when it’s needed most.

Responsibilities:

• Daily Monitoring and Response: Monitor security intelligence sources, including vendor notifications, security announcements, and internal system alerts. Respond to incidents, triage effectively, and provide clear communication to internal and external stakeholders, including responding to customer questions.
• Compliance and Audits: Manage our compliance obligations, including maintaining ISO certifications, Cyber Essentials, and handling external audits. Ensure that our policies and processes benefit the business without unnecessary bureaucracy.
• Access Control and Documentation: Oversee access control, assist with the secure configuration of systems, and ensure accurate, up-to-date documentation is available for staff and customers. Support service owners in applying appropriate security controls.
• Continuous Improvement: Identify and implement improvements in our security processes, from internal drills and staff training to refining incident response procedures and reporting mechanisms. Regularly review and update security documentation to reflect current best practices.

What you need to know:

• Cyber Security Background: You should have a background in cyber security. While we’re not expecting you to be a 20-year veteran, this shouldn’t be your first rodeo.
• Cloud Infrastructure Security: You should have a solid understanding of what operating and securing a cloud infrastructure environment looks like—or should look like. This includes knowledge of operational aspects, cost considerations, functionality, and identifying and mitigating risks.
• Third-Party Cloud Services: You should know what safely integrating and operating third-party cloud services (SaaS) entails. This includes conducting risk assessments, managing access control, and overseeing user management.
• Compliance Frameworks: A working knowledge of compliance frameworks, particularly ISO27001 and its associated ISMS, is essential. Experience with other frameworks, such as Cyber Essentials, would also be beneficial. You should understand how these frameworks work and how to manage the trade-offs they present.
• International Data Privacy: You should have an awareness of international data privacy regimes and their impact on operating in multiple territories simultaneously. We don’t expect you to be an expert in all of them, but you should know their existence and how to operate around them.

In this role, you will be the primary point of contact for security-related enquiries, ensuring that our security posture remains robust, effective, and aligned with both internal and external requirements.

Hiring and Salary information

Salary: £50,000 per annum full time

Remote/hybrid working

If you're interested, please complete the application form linked from this advert, and include your CV and an optional cover letter so that we can get to know a bit about you and why you want this role. 

Our hiring process can involve a short phone interview, but will usually be a video interview followed by a paid trial session. Each stage of the application and process is used to establish a good fit for both parties. 

Please contact us if you have any reasonable adjustment requirements. 

We follow personnel security standards equivalent to UK Baseline Personnel Security Standard and you will therefore need to satisfy basic eligibility criteria/certain conditions of employment (e.g. nationality rules/right to work); and provide appropriate documentation to verify ID, nationality, employment and/or academic history, criminal record (unspent convictions only).

We look forward to hearing from you