IT Security Manager

About us:

Founded in 2018, Causaly accelerates how humans acquire knowledge and develop insights in Biomedicine. We enable researchers and decision-makers to discover evidence from millions of academic publications, clinical trials, regulatory documents, patents and other data sources… in minutes.

Using our AI technology, we are developing the world’s biggest knowledge platform in Biomedicine powered by a high-precision Knowledge Graph.

We work with some of the world's largest biopharma companies and institutions on use cases spanning Drug Discovery, Safety and Competitive Intelligence. You can read more about how we accelerate knowledge acquisition and improve decision making in our blog posts here: Blog - Causaly

We are backed by top VCs including Index Ventures, Pentech and Marathon.

The role:

The IT Security Manager role is a fundamental piece of the Causaly puzzle. You will design and implement security best practice to ensure the safety of our data and confidence of our customers. You will ensure we remain compliant with ISO27001 and expand our security posture to include SOC2 and other accreditations as appropriate. You will advise our teams on how to engineer and deliver solutions with governance, compliance and risk in mind and you will contribute to the overall engineering strategy. Reporting in to the VP of Engineering as the first and principal member of the security team you will grow your role and responsibility as we expand.

What you’ll be doing:

Governance

• Take a leading role in the development of existing and creation of new policies and procedures that constitute the Causaly ISMS to help make security policy more accessible and understandable for colleagues
• Lead monthly security governance meetings by the submission of security metrics and prepare a monthly governance information pack.
• Manage the communication across the business to ensure policies are well socialised and awareness is maintained
• Collaboratively work with teams across the business to help develop a clear understanding of the policies and information needed
• Formally track, review and reassess all exceptions to security policy which may arise within the business.

• Own and maintain the Information Security Risk Register

Compliance

• Support the sales process by facilitating customer enquiries in relation to information security and data privacy
• Support external audits conducted in support of key information security certifications (SOC2, ISO27001, HIPAA)
• Drive continuous internal compliance efforts against said information security certifications through the design and execution of compliance audit procedures.
• Provide guidance and consultative engagement with the business relating to security and privacy compliance.
• Keep abreast of new developments in the Information Security and Data Privacy compliance and regulatory landscape.
• Evaluate security incidents for violations of company policy and or privacy principles and where found ensure that corrective action is taken to prevent further instances.
• Support the implementation and execution of a Vendor risk management program
• Optimise the GRC function through use of automation, in-house and open source solutions

Requirements

What we’re looking for:

• Practical experience of developing, publishing and maintaining information security policies, standards and guidelines
• A proven background in establishing and/or maintaining an Information Security Governance program acquired through several years of experience within one or several roles

• Experience within a cloud first business and a B2B startup environment
• Experience of Enterprise IT procurement
• CISSP, CISM, CISA, or other relevant security-related designation
• Significant experience with legal and regulatory compliance standards such as PCI-DSS, SOX, GDPR, HIPAA, CaCPA, etc.
• Experience with risk management in both a compliance and security context

Benefits

• Competitive compensation package
• Private medical insurance (underwritten on a medical health disregarded basis)
• Life insurance (4 x salary)
• Individual training/development budget through Learnerbly
• Individual wellbeing budget through Juno
• 25 days holiday plus public holidays and 1 day birthday leave per year
• Hybrid working (home + office)
• Potential to have real impact and accelerated career growth as an early member of a multinational team that's building a transformative knowledge product

Be yourself at Causaly... Difference is valued. Everyone belongs.

Diversity. Equity. Inclusion. They are more than words at Causaly. It's how we work together. It's how we build teams. It's how we grow leaders. It's what we nurture and celebrate. It's what helps us innovate. It's what helps us connect with the customers and communities we serve.

We are on a mission to accelerate scientific breakthroughs for ALL humankind and we are proud to be an equal opportunity employer. We welcome applications from all backgrounds and fairly consider qualified candidates without regard to race, ethnic or national origin, gender, gender identity or expression, sexual orientation, disability, neurodiversity, genetics, age, religion or belief, marital/civil partnership status, domestic / family status, veteran status or any other difference.