Information Security Manager

We’re on a mission to provide equitable access to economic opportunity, for everyone.

We close critical skill gaps in the workforce through a new kind of apprenticeship that combines work and learning. We begin by recognizing high-potential individuals both inside and outside of a company's current workforce and then we create applied, guided and equitable learning programs, with measurable impact. Because we believe the world needs a better way to match its potential.

We work with over 1,500 leading companies including the likes of Microsoft, Citi and Just Eat to help solve their business-critical problems, and we’ve trained over 16,000 professional apprentices in the tech and data skills of the future. This is made possible by our global team who are driven to achieve a mission that matters, together.

Join Multiverse and help us set a new course for work.

The opportunity

As an Information Security Manager at Multiverse, you will support our Infosec Director and Privacy team to help us secure our modern cloud-native platforms. You will help by securing work delivered by dev ops engineers, IT operations (end-user computing), suppliers, and support client security requirements.

Please note we cannot offer sponsorship for this role.

Specifically, you will: 

• Help to build and scale out a secure engineering culture, working with teams to embed secure engineering practices & secure–by–design principles

• Review the security posture of our cloud platforms and identify cloud security risks and issues and work with our platform and product teams to improve our platforms.

• Deliver clear recommendations for building security capabilities to deliver security policy and compliance objectives.

• Lead internal learning sessions, giving our security champions help and support to improve their security knowledge

• Conduct maturity assessments of application security practices

• Improve security culture and awareness program for Engineering / IT Operations / Business Teams

• Support our sales teams/clients with timely completion of Self Assurance Questionnaires (SAQ) accurately at pace.

• Review client contracts for security/privacy requirements, assessing compliance posture and suggesting mitigations if required.

• Manage delivery of security tooling.

• Produce Documentation - documenting standard operating procedures (SOPs), Policy reviews and updates.

• Secure critical business products/services to internal requirements in line with good practise and to meet client expectations.

About you:  

• Experience leading security engineering teams Secure By Design / Privacy By Design

• You will have lived experience of running/being part of security operations such as running security operation centres, responding to security incidents/breaches, overseeing patching/vulnerabilities or hardening systems.

• Comfortable working at pace to deliver systems and security designs, patterns and decisions.

• Experience managing team ways of working and ownership of work items.

• ​​From a leadership perspective you will understand the power of diverse thought, kindness, humanity, creating the conditions for success, learning from failure.

• Experience working with senior stakeholders, working between multiple teams, building complex services in code and working in a culture of continuous release.

• Prepared to respond to security incidents to minimise the impact on the business, 

• Experience supporting Governance, Risk and Compliance across the business, enforcing compliance with key data and security policies.

• Supplier Assurance – supply chain security, completing client Self Assurance Questionnaires (SAQ).

• Expertise in planning and delivering roadmaps, contributing to our cloud security strategy

• Good understanding of security risk management in a cloud security context, and of cloud security principles

• Knowledge of multiple regulatory requirements e.g UK GDPR, CCPA

• Expertise in security and compliance frameworks and standards, e.g. CE+, NIST SP 800-207

Bonus points if you have or are willing to learn:

• Security Architecture

• Knowledge of Infrastructure as Code

• Knowledge of Azure, Google, AWS, and Kubernetes cloud–native services

• Securing GitOps and Continuous Deployment

• Identity and Access Management, including securing privileged access

• Relevant certifications such as SABSA, CISSP, CCSK, AZ–500, GIAC, CISM, ISO Lead Auditor/ Implementer, CISLA, CISMP, Security +, AWS Certified Security, MSc Information Security

Benefits

• Time off - 27 days holiday, plus 7 additional days off: 1 life event day, 2 volunteer days and 4 company-wide wellbeing days 

• Health & Wellness- private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Gympass and access to Spill - all-in-one mental health support

• Hybrid & remote work offering - with weekly or monthly visits to the London office and the opportunity to work abroad 45 days a year

• Team fun - weekly socials, company-wide events and office snacks!

Our commitment to Diversity, Equity and Inclusion

We’re an equal opportunities employer. And proud of it. Every applicant and employee is afforded the same opportunities regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. This will never change.

Safeguarding

All posts in Multiverse involve some degree of responsibility for safeguarding. Successful applicants are required to complete a Disclosure Form from the Disclosure and Barring Service ("DBS") for the position. Failure to declare any convictions (that are not subject to DBS filtering) may disqualify a candidate for appointment or result in summary dismissal if the discrepancy comes to light subsequently.