Information Security Manager
London, England, United Kingdom
Turtl is an exciting software company with more than 300 customers around the world and 120+ employees based in London and Boston.
Our software enables anyone to create, personalize, publish and track digital documents - with no need for specialist design or coding skills. Turtl is used by businesses of all sizes, from small organizations to big names, such as Cisco, Nestle and Lexus. We think there’s huge potential for growth given the wide applicability of our software and the clear benefits we’re hearing from customers.
It’s a fast-paced work environment, so we’re looking for talented people who want to continuously learn and actively embrace challenges. You’ll find Turtl a straightforward and open place to work, where colleagues can be relied on to help.
We are at an exciting time in our journey and it’s a great time to be joining the team!
LONDON
Our London office is located within Second Home, Spitalfields, a unique coworking space in the heart of East London's tech hub. With an open-plan space, ideal for collaborative working and networking, this is home to a broad range of teams including Marketing, Customer Success, Sales, Account Management, Finance, Legal and People teams. We have an on-site cafe, rooftop terrace/bar, weekly wellness and cultural events, as well as fully stocked kitchens within the building.
THE ROLE
In this newly created role, the Information Security Manager will be responsible for the professional and effective governance and management of all information, IT and cyber security requirements across the business.
WHAT YOU’LL DO
- Identify, implement and maintain an ISMS (Information Security Management System) and define and embed best practices across the business
- Review statements, policies and procedures to ensure that they are relevant and kept updated
- Provide security guidance to relevant teams across the business
- Undertake regular risk assessments of the services being delivered to customers
- Identify and support the implementation of risk treatment controls
- Work with the business to understand the key risks associated with our third parties and clearly articulate this back to the business and senior stakeholders.
- Plan, implement, maintain, audit and test procedures for business continuity (BC) and disaster recovery.
- Be the point of contact for all compliance/information security, covering:
  - Financial compliance (supplier setup, bank details, billing portal setup)
  - Completion of any client information security questionnaires
  - Data protection
- Proactively maintain Whistic:
  - Ensuring new versions of common standards are completed when they become available
  - Completing ad-hoc questionnaires when there are well-publicized data breaches (Log4j etc.)
- Be the point of contact for ISO 27001 audits
- Ensure regular compliance processes are carried out/booked in by relevant stakeholders:
  - Employee training
  - Background checking
  - 6-monthly penetration testing
  - 6-monthly disaster recovery/business continuity plan testing
  - Quarterly backup testing
Requirements
- You are professionally qualified, holding a recognised security accreditation (CISSP/CISM/CISA etc.) or equivalent experience.
- You have experience of the implementation, operation and maintenance of an Information Security Management framework such as ISO27001 or NIST CSF.
- You have a good understanding of technology standards and control frameworks such as CIS, NIST, PCI, OWASP, ITIL and COBIT.
- You have knowledge of hardware, software, people and process vulnerabilities, how they occur, and of techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation
- You have effective presentation and communication skills with a high attention to detail
- You have a good understanding of the UK Data Protection Act and the European General Data Protection Regulation
- You are adept at articulating IT security and technical issues to technical and non-technical audiences in a clear and actionable manner
- You have strong commercial acumen when taking actions or making decisions
- You are comfortable with ambiguity and highly autonomous
- You are comfortable working in a role that is new to the business and so not yet well defined
Benefits
We offer a competitive base salary, share options within Turtl, plus up to 25 days of holidays (plus bank holidays), as well as a birthday day off. Funded by Turtl, you’ll be enrolled in our workplace pension, life assurance and Perkbox schemes. We offer our employees a flexible approach to hybrid working where they can split their time between working from home and the office.
EQUAL OPPORTUNITIES STATEMENT
Turtl is an equal opportunity employer and is committed to growing a diverse workforce that represents all people regardless of race, ethnicity, religion, age, gender identity or expression, sexual orientation, disability or neurodiversity. We encourage applications from all backgrounds and will make any recruitment or interview adjustments that will ensure a comfortable candidate experience.
Please note we are considering full time and part-time applications.