IT Security Manager
London, England, United Kingdom
Causaly
Causaly is the fastest way to find evidence, explore hidden connections and make new predictions in biomedical science.
Founded in 2018, Causaly accelerates how humans acquire knowledge and develop insights in Biomedicine. We enable researchers and decision-makers to discover evidence from millions of academic publications, clinical trials, regulatory documents, patents and other data sources… in minutes.
Using our AI technology, we are developing the world’s biggest knowledge platform in Biomedicine powered by a high-precision Knowledge Graph.
We work with some of the world's largest biopharma companies and institutions on use cases spanning Drug Discovery, Safety and Competitive Intelligence. You can read more about how we accelerate knowledge acquisition and improve decision making in our blog posts here: Blog - Causaly
We are backed by top VCs including Index Ventures, Pentech and Marathon.
The IT Security Manager role is a fundamental piece of the Causaly puzzle. You will design and implement security best practice to ensure the safety of our data and the confidence of our customers. You will ensure we remain compliant with ISO27001 and expand our security posture to include SOC2 and other accreditations as appropriate. You will advise our teams on how to engineer and deliver solutions with governance, compliance and risk in mind, and you will contribute to the overall engineering strategy. Reporting in to the VP of Engineering as the first and principal member of the security team, you will grow your role and responsibility as we expand.
What you’ll be doing:
- Take a leading role in developing existing policies and procedures, and creating new ones, that constitute the Causaly ISMS, to help make security policy more accessible and understandable for colleagues
- Lead monthly security governance meetings, submitting security metrics and preparing a monthly governance information pack
- Manage the communication across the business to ensure policies are well socialised and awareness is maintained
- Collaboratively work with teams across the business to help develop a clear understanding of the policies and information needed
- Formally track, review and reassess all exceptions to security policy which may arise within the business.
- Own and maintain the Information Security Risk Register
- Support the sales process by facilitating customer enquiries in relation to information security and data privacy
- Support external audits conducted in support of key information security certifications (SOC2, ISO27001, HIPAA)
- Drive continuous internal compliance efforts against said information security certifications through the design and execution of compliance audit procedures.
- Provide guidance and consultative engagement with the business relating to security and privacy compliance.
- Keep abreast of new developments in the Information Security and Data Privacy compliance and regulatory landscape.
- Evaluate security incidents for violations of company policy and/or privacy principles and, where found, ensure that corrective action is taken to prevent further instances.
- Support the implementation and execution of a Vendor risk management program
- Optimise the GRC function through use of automation, in-house and open source solutions
What we’re looking for:
- Practical experience of developing, publishing and maintaining information security policies, standards and guidelines
- A proven background in establishing and/or maintaining an Information Security Governance program acquired through several years of experience within one or several roles
- Experience within a cloud first business and a B2B startup environment
- Experience of Enterprise IT procurement
- CISSP, CISM, CISA, or other relevant security-related designation
- Significant experience with legal and regulatory compliance standards such as PCI-DSS, SOX, GDPR, HIPAA, CaCPA, etc.
- Experience with risk management in both a compliance and security context
Benefits:
- Competitive compensation package
- Private medical insurance (underwritten on a medical health disregarded basis)
- Life insurance (4 x salary)
- Individual training/development budget through Learnerbly
- Individual wellbeing budget through Juno
- 25 days holiday plus public holidays and 1 day birthday leave per year
- Hybrid working (home + office)
- Potential to have real impact and accelerated career growth as an early member of a multinational team that's building a transformative knowledge product
Be yourself at Causaly... Difference is valued. Everyone belongs.
Diversity. Equity. Inclusion. They are more than words at Causaly. It's how we work together. It's how we build teams. It's how we grow leaders. It's what we nurture and celebrate. It's what helps us innovate. It's what helps us connect with the customers and communities we serve.
We are on a mission to accelerate scientific breakthroughs for ALL humankind and we are proud to be an equal opportunity employer. We welcome applications from all backgrounds and fairly consider qualified candidates without regard to race, ethnic or national origin, gender, gender identity or expression, sexual orientation, disability, neurodiversity, genetics, age, religion or belief, marital/civil partnership status, domestic / family status, veteran status or any other difference.