IT Security Manager
London, England, United Kingdom
Applications have closed
Causaly
Causaly is the fastest way to find evidence, explore hidden connections and make new predictions in biomedical science.
About us:
Founded in 2018, Causaly accelerates how humans acquire knowledge and develop insights in Biomedicine. We enable researchers and decision-makers to discover evidence from millions of academic publications, clinical trials, regulatory documents, patents and other data sources… in minutes.
Using our AI technology, we are developing the world’s biggest knowledge platform in Biomedicine powered by a high-precision Knowledge Graph.
We work with some of the world's largest biopharma companies and institutions on use cases spanning Drug Discovery, Safety and Competitive Intelligence. You can read more about how we accelerate knowledge acquisition and improve decision making in our blog posts here: Blog - Causaly
We are backed by top VCs including Index Ventures, Pentech and Marathon.
The role:
The IT Security Manager role is a fundamental piece of the Causaly puzzle. You will design and implement security best practice to ensure the safety of our data and the confidence of our customers. You will ensure we remain compliant with ISO27001 and expand our security posture to include SOC2 and other accreditations as appropriate. You will advise our teams on how to engineer and deliver solutions with governance, compliance and risk in mind, and you will contribute to the overall engineering strategy. Reporting to the VP of Engineering as the first and principal member of the security team, you will grow your role and responsibility as we expand.
What you’ll be doing:
Governance
- Take a leading role in the development of existing and creation of new policies and procedures that constitute the Causaly ISMS to help make security policy more accessible and understandable for colleagues
- Lead monthly security governance meetings by submitting security metrics and preparing a monthly governance information pack.
- Manage the communication across the business to ensure policies are well socialised and awareness is maintained
- Collaboratively work with teams across the business to help develop a clear understanding of the policies and information needed
- Formally track, review and reassess all exceptions to security policy which may arise within the business.
- Own and maintain the Information Security Risk Register
Compliance
- Support the sales process by facilitating customer enquiries in relation to information security and data privacy
- Support external audits conducted in support of key information security certifications (SOC2, ISO27001, HIPAA)
- Drive continuous internal compliance efforts against said information security certifications through the design and execution of compliance audit procedures.
- Provide guidance and consultative engagement with the business relating to security and privacy compliance.
- Keep abreast of new developments in the Information Security and Data Privacy compliance and regulatory landscape.
- Evaluate security incidents for violations of company policy and/or privacy principles and, where found, ensure that corrective action is taken to prevent further instances.
- Support the implementation and execution of a Vendor risk management program
- Optimise the GRC function through use of automation, in-house and open source solutions
Requirements
What we’re looking for:
- Practical experience of developing, publishing and maintaining information security policies, standards and guidelines
- A proven background in establishing and/or maintaining an Information Security Governance program acquired through several years of experience within one or several roles
- Experience within a cloud first business and a B2B startup environment
- Experience of Enterprise IT procurement
- CISSP, CISM, CISA, or other relevant security-related designation
- Significant experience with legal and regulatory compliance standards such as PCI-DSS, SOX, GDPR, HIPAA, CaCPA, etc.
- Experience with risk management in both a compliance and security context
Benefits
- Competitive compensation package
- Private medical insurance (underwritten on a medical health disregarded basis)
- Life insurance (4 x salary)
- Individual training/development budget through Learnerbly
- Individual wellbeing budget through Juno
- 25 days holiday plus public holidays and 1 day birthday leave per year
- Hybrid working (home + office)
- Potential to have real impact and accelerated career growth as an early member of a multinational team that's building a transformative knowledge product
Be yourself at Causaly... Difference is valued. Everyone belongs.
Diversity. Equity. Inclusion. They are more than words at Causaly. It's how we work together. It's how we build teams. It's how we grow leaders. It's what we nurture and celebrate. It's what helps us innovate. It's what helps us connect with the customers and communities we serve.
We are on a mission to accelerate scientific breakthroughs for ALL humankind and we are proud to be an equal opportunity employer. We welcome applications from all backgrounds and fairly consider qualified candidates without regard to race, ethnic or national origin, gender, gender identity or expression, sexual orientation, disability, neurodiversity, genetics, age, religion or belief, marital/civil partnership status, domestic / family status, veteran status or any other difference.