Information Security Manager

London, England, United Kingdom

Applications have closed

Turtl is an exciting software company with more than 300 customers around the world and 120+ employees based in London and Boston.

Our software enables anyone to create, personalize, publish and track digital documents - with no need for specialist design or coding skills. Turtl is used by businesses of all sizes, from small organizations to big names, such as Cisco, Nestle and Lexus. We think there’s huge potential for growth given the wide applicability of our software and the clear benefits we’re hearing from customers.

It’s a fast-paced work environment, so we’re looking for talented people who want to continuously learn and actively embrace challenges. You’ll find Turtl a straightforward and open place to work, where colleagues can be relied on to help.

We are at an exciting time in our journey and it’s a great time to be joining the team!

LONDON

Our London office is located within Second Home, Spitalfields, a unique coworking space in the heart of East London's tech hub. With an open-plan space, ideal for collaborative working and networking, this is home to a broad range of teams including Marketing, Customer Success, Sales, Account Management, Finance, Legal and People teams. We have an on-site cafe, rooftop terrace/bar, weekly wellness and cultural events, as well as fully stocked kitchens within the building.

THE ROLE

In this newly created role, the Information Security Manager will be responsible for the professional and effective governance and management of all information, IT and cyber security requirements across the business.

WHAT YOU’LL DO

  • Identify, implement and maintain an ISMS (Information Security Management System) and define and embed best practices across the business
  • Review statements, policies and procedures to ensure that they are relevant and kept updated
  • Provide security guidance to relevant teams across the business
  • Undertake regular risk assessments of the services being delivered to customers
  • Identify and support the implementation of risk treatment controls
  • Work with the business to understand the key risks associated with our third parties and clearly articulate this back to the business and senior stakeholders.
  • Plan, implement, maintain, audit and test procedures for business continuity (BC) and disaster recovery.
  • Be the point of contact for all compliance/information security, covering:
    • Financial compliance (supplier setup, bank details, billing portal setup)
    • Completion of any client information security questionnaires
    • Data protection
  • Proactively maintain Whistic:
    • Ensuring new versions of common standards are completed when they become available
    • Completing ad-hoc questionnaires when there are well-publicized data breaches (Log4j etc)
  • Be the point of contact for ISO 27001 audits
  • Ensure regular compliance processes are carried out/booked in by relevant stakeholders:
    • Employee training
    • Background checking
    • 6-monthly penetration testing
    • 6-monthly disaster recovery/business continuity plan testing
    • Quarterly backup testing

Requirements

  • You are professionally qualified, holding a recognised security accreditation (CISSP/CISM/CISA etc.), or have equivalent experience.
  • You have experience of the implementation, operation and maintenance of an Information Security Management framework such as ISO27001 or NIST CSF.
  • You have a good understanding of technology standards and control frameworks such as CIS, NIST, PCI, OWASP, ITIL and COBIT.
  • You have knowledge of hardware, software, people and process vulnerabilities, how they occur, and of techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation
  • You have effective presentation and communication skills with a high attention to detail
  • You have a good understanding of the UK Data Protection Act and the European General Data Protection Regulation
  • You are adept at articulating IT security and technical issues to technical and non-technical audiences in a clear and actionable manner
  • You have strong commercial acumen when taking actions or making decisions
  • You are comfortable with ambiguity and highly autonomous
  • You are comfortable working in a role that is new to the business and so not yet well defined

Benefits

We offer a competitive base salary, share options within Turtl, plus up to 25 days of holidays (plus bank holidays), as well as a birthday day off. Funded by Turtl, you’ll be enrolled in our workplace pension, life assurance and Perkbox schemes. We offer our employees a flexible approach to hybrid working where they can split their time between working from home and the office.

EQUAL OPPORTUNITIES STATEMENT

Turtl is an equal opportunity employer and is committed to growing a diverse workforce that represents all people regardless of race, ethnicity, religion, age, gender identity or expression, sexual orientation, disability or neurodiversity. We encourage applications from all backgrounds and will make any recruitment or interview adjustments that will ensure a comfortable candidate experience.

Please note we are considering full-time and part-time applications.


Tags: Audits CISA CISM CISSP COBIT Compliance Finance Governance ISMS ISO 27001 ITIL NIST OWASP Pentesting Risk assessment Vulnerabilities

Perks/benefits: Competitive pay Equity Flex hours Flex vacation Startup environment Team events Wellness

Region: Europe
Country: United Kingdom
Category: Leadership Jobs