IT & Cybersecurity Manager

To support the growth of the business, we are looking to build up our Operations team with an IT & Cybersecurity Manager. We need to create, implement and maintain internal technology and cybersecurity processes to keep our data safe and the company running smoothly.

About us

We’re an award-winning enterprise software scale-up and we have high ambitions for growth. We’ve been recognised as Scotland’s fastest growing tech company in the Deloitte Technology Fast 50 for the last three years, and in 2022 ranked in the top 100 fastest growing European companies in the FT 1000.

Dayshape is an intelligent planning platform, which allows professional services firms to optimise their workforce like never before. By using AI technology, Dayshape helps large organisations plan and manage their people and complex projects with ease.

As a company, we live our values every day and we're committed to making sure our friendly and inclusive environment grows with us.

Organisational context

We achieved our ISO27001 certification for the first time last year and the person in this role will be responsible for ensuring that we maintain this, both on an everyday basis and in terms of managing the annual audit process. We’re also starting to expand the company, so we’ll need to expand and redefine our scope for certification to make sure we’re staying secure and compliant over time.

This is a crucial role to ensure we’re able to expand our business by giving our customers confidence in our IT operations. We expect to look at other certifications (e.g. SOC2) over time as well, so we’re looking for somebody experienced to help us achieve and maintain these as we grow internationally.

To start with, this will be the sole IT & Cybersecurity role in the business. You’ll work collaboratively with several other departments and manage the relationship with our MSP, m3 Networks. In time, it’s likely this role will also be responsible for building out an in-house IT/data team. It’s not an immediate priority so we’re not looking for somebody with heaps of people management experience, but there’s certainly room for growth in the role.

What you’ll do

You’ll oversee all aspects of IT, Digital Compliance and Cybersecurity at Dayshape. We’re looking for somebody who will be able to make best practice recommendations and change manage those improvements within the company.

In addition, you'll oversee our day-to-day IT and data security needs to keep things running smoothly. Overall, the person in this role will:

Lead strategically:

• Develop, implement and monitor a strategic, comprehensive, and practical IT security and risk management program to ensure the integrity, confidentiality, and availability of data
• Develop, maintain and execute a proactive information security strategy that evolves with Dayshape as we grow
• Research and install effective IT practices and systems, monitoring regularly to test and ensure that the team complies with policies and requirements
• Provide strategic and tactical security guidance for all IT programmes and practices, including the evaluation and recommendation of technical security and contractual controls
• Monitor processing and retention of client data; responsible for the overall data lifecycle, ensuring that only required information is gathered, processed properly, and securely disposed of
• Identify acceptable levels of risk, while balancing business needs, and establish roles and responsibilities regarding information classification and protection
• Identify areas for improvement and proactively implement solutions
• Develop relevant metrics to measure and report on the efficiency and effectiveness of the security programmes
• Be responsible for presenting overall security risk to senior leadership
• Be overall responsible for data security, assisting in the investigation of security incidents and events to protect IT, intellectual property, and information assets. As necessary, lead the real-time management of responses to and resolution of an IT security event or breach

Embed best practice company-wide:

• Create, update, and manage information security/risk management awareness and training programs for all employees and contractors
• Champion a culture of IT security across the company, offering support and advice to other members of the team as needed
• Research and stay up to date with the latest developments in IT and new technologies

Oversee the day-to-day:

• Evaluate IT needs across the company, ensuring we have the appropriate facilities to meet these needs
• Oversee provisioning of hardware and software, negotiating with suppliers to ensure cost-effectiveness
• Track inventory and status for hardware and software
• Own access management for all of our tools and systems
• Maintain the smooth and secure running of all IT systems, including anti-virus software, scheduling upgrades, organising troubleshooting or repair for IT equipment, and regular monitoring for compliance with policies and other requirements
• Facilitate employee onboarding/offboarding: ensuring new employees have the equipment, training, and tools to get off on the right foot, and making sure equipment and information is secure when people leave

Collaborate externally:

• Contribute to customer IT and security questionnaires, potentially liaising with their counterparts regarding any queries
• Plan and coordinate internal and third-party led test, assessments and audits of IT security capabilities. Institute “table top” planning or other readiness practices as appropriate.
• Manage the relationship with key suppliers, including m3 Networks

About you

• Significant, demonstrable experience in IT operations, knowledgeable on IT infrastructure and operations best practices
• Experience taking initiative to proactively improve systems and processes
• Experience working in small teams, working collaboratively and cross-departmentally to manage projects and get things done
• Excellent communication skills: able to build trust and get buy in across the company, and able to clearly translate technical issues and requirements into business needs
• Knowledge of ITIL processes and best practices
• Familiar with ISO27001 (or similar certification) and experienced at maintaining relevant controls
• Knowledgeable about GDPR, data protection and information governance
• Highly organised and adaptable, able to prioritise effectively in a fast-paced environment
• A motivated self-starter, helping us achieve our big picture goals in IT while also remaining hands-on in the day-to-day
• Excited to work at both a strategic and operational level and comfortable moving between these levels with ease

Bonus points if you have:

• Certified Information Systems Auditor (CISA) or Certification for the Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
• Experience in achieving ISO27001 (or similar certification) end-to-end in an agile/start-up organisation
• Experience managing an IT budget and negotiating with suppliers
• Experience in a startup (or similarly fast growth) environment where you’ve developed and implemented new processes from scratch
• Experience managing information security for remote/distributed staff, including mobile device management
• Experience managing/administrating Google Workspace
• Familiarity with both Windows and Mac for IT administration (though we are primarily a Windows-based environment)

What you’ll get

• Salary c. 50,000 - £55,000, dependent on experience
• At least £1,000 per year to spend on professional and personal development
• 33 days' holiday per year (including bank holidays), increasing by 1 day each year to a maximum of 40 days
• Private healthcare and rewards through Vitality
• Income protection and death in service cover
• Matched 5% auto-enrolment workplace pension scheme
• Cycle to work salary sacrifice scheme
• EMI options as part of our employee share options scheme
• Access to wellbeing offerings, such as our Employee Assistance Programme and a dedicated counselling service
• Innovation Week twice a year - a chance to experiment and work off-project
• Weekly All Hands meeting for inspiration and over-communication
• Time out of the working week for team socials each month, with a mix of in-person and virtual options: past events include hiking, family BBQs, online games, D&D, and at-home cocktail classes!
• Genuinely nice, smart people to work with, who are excited about growing our company
  

Working Details

This is a full-time role (37.5 hours per week). We typically work from 09:00 - 17:30 from Monday to Friday, though we can be pretty flexible around the hours, just let us know if you’d be looking for a slightly different arrangement.

This role will be based from our office in central Edinburgh. We're making the most of hybrid working, so you won’t need to come into the office every day (unless you want to!), but we’ll need somebody within commuting distance to handle any on-site IT issues.

Join the team!

Equality of opportunity is more than just a responsibility: we believe it’s a huge advantage to welcome a variety of experiences and perspectives into the team. Diversity is a great asset and, as such, we strongly encourage applications from any background.

This is your opportunity to really influence how we get things done, and how we grow securely and effectively. We're doing well, but there's lots more to do in order to maintain the high bar and pace that we've set.

Everyone here is growing personally as the company grows, so if that sounds like something you’d like to be part of, we’d love to see your application. The deadline for applications is 09:00 Monday 04 July 2022. Initial phone calls will be conducted between 06 - 08 July, with follow-up interviews taking place between 11 - 15 July.