Flexa
SilverRail Technologies • London/Remote

Security & Compliance Manager

Employment type:  Full time

1–2 days/week at home

A little flex time

Dog friendly

Job Description

**This is a hybrid remote/office position. We are looking for someone commutable to London so that you can come into our offices 1-2 times per month to collaborate with the team**

Rail is set to dominate short and medium haul travel around the world. It's faster, cheaper, greener and more convenient than air. With the current climate crisis, it is increasingly important to put this mode of transport at the forefront of people's minds. The trouble is, there’s nothing modern about rail’s online customer experience.

Our global company is working to solve that problem, delivering the digital infrastructure that opens up rail to the world! Our technology is powering rail and travel agencies across Europe, USA and Australia/NZ in both leisure and corporate markets.

SilverRail is committed to protecting customer data, building and maintaining secure systems and processes, and surpassing compliance requirements. Our globally distributed team, one-of-a-kind transactional API services, and international customer base require SilverRail to implement international and local compliance and privacy frameworks and industry best practices.

In this role you will have a significant impact on the design and implementation of our secure global networks, systems, and cloud infrastructures, and catalyze a stronger security posture and culture among our employees.

To help us through this next phase of growth, we're looking for smart, forward-thinking, and motivated people, capable of reliably operating and adapting to the changing global requirements.

Key responsibilities and authorities

  • Update and maintain internal information security program (policies, procedures, PCI-relevant documentation) on a constant basis
  • Build upon and scale existing corporate and IT policies and procedures
  • Perform compliance gap assessments and project manage remediation efforts
  • Interface with external assessors: for example, oversee and manage PCI audits, internal and external penetration testing, security training, code analysis, etc.
  • Diagram and maintain in-scope compliance data flows
  • Perform and analyze internal/external security scanning
  • Manage multiple, technical projects across the organization
  • Implement and maintain security awareness training
  • Respond to security and compliance RFIs and support contract and SLA negotiations
  • Plan and implement vendor security management program
  • Develop incident management and response processes, including business continuity and disaster recovery plans.
  • Interface with internal teams to revalidate scope and ensure control requirements are in place
  • Regularly organize and report progress, issues, and risks to senior staff

Competence and skills

  • Bachelor's degree or equivalent experience
  • Information security designation (CISSP, CISM, or equivalent)
  • 5-7 years' experience in information technology
  • 3 or more years' experience designing and managing system security
  • Experience performing PCI gap assessments, remediation implementation, and supporting ROCs
  • Experience implementing ISO 27001
  • Experience with Safe Harbor, Data Transfer agreements, Model Contracts, and UK/EU Data Protection Acts
  • Current with General Data Protection Regulation
  • Working knowledge and strong understanding of security best practices for: Linux systems, network devices, IDS/IPS, virtual and cloud computing, Windows Active Directory, internet-facing applications.
  • Demonstrable enterprise project management skills
  • Strong oral and written communication skills and attention to detail
  • Familiarity with software best practices and SDLC
  • Experience utilizing common frameworks including COBIT/COSO, NIST, OWASP
  • Java secure coding best practices
  • Experience in conformance to ISO 9001, ISO 27018, ISO 22301
  • Experience implementing or supporting SOX compliance audit
  • Compliance experience with AWS, Xen, OpenStack, containers
  • Experience with Atlassian products (Jira, Confluence, Crowd)
  • Exposure to automation tools would be beneficial (e.g. Ansible, Chef, Puppet)
  • Experience with producing Risk and Control Frameworks.
  • Project management certification

Why us?

  • Our people are the heart of our business, which is why we put our culture at the centre of everything we do.
  • We are a hard-working, forward-thinking team that embraces a work-life balance and has fun along the way.
  • We support flexible working and the view that we bring together great people that love what they do and collaboratively strive for excellence.
  • With an average Glassdoor grade of 4.7 and 100% recommendation rates we provide an awesome working environment with room to grow.
  • A unique opportunity to work for a tech start-up who are revolutionising the way we travel
  • A hybrid, flexible working model with a beautiful central London office, and the possibility to work from home on the other days
  • For the right candidate, we can offer a wealth of career development opportunities.
  • A company that encourages knowledge sharing and collaboration in a DevOps Culture.
  • Our team's health and wellness is important to us, so we offer a number of wellbeing seminars, yoga classes, and membership to the #1 leading meditation app
  • We offer a highly competitive rewards and benefits package including private healthcare and more.

Although we have been around for more than 10 years, we consider ourselves an agile start-up business and are using the Scrum framework for all our software development world-wide. We believe in fail-fast-fail-early and finding innovative solutions to complex problems. Especially in the European market we have developed into a force to be reckoned with given our agility and refreshingly novel approaches.

Come and join our team … we are Stronger Together!

*Please note, at this time we are unable to provide visa sponsorship*

Company benefits

Open to part-time employees
Sabbaticals
Enhanced maternity leave
Enhanced paternity leave
Adoption leave
Shared parental leave
Work from anywhere scheme
25 days annual leave + bank holidays
Pregnancy loss leave
Fertility treatment leave
Teambuilding days
Share Options
Health & Dental Insurance
Mental health days
L&D opportunities
Travel Opportunities

Location (96%): Employees are very happy with their working location freedom
Hours (93%): Employees are very happy with the flexibility in the hours they work
Benefits (81%): Employees are very happy with the benefits their company offers
Work-life balance (88%): Employees feel that they can find the perfect balance of life and work
Role modelling (92%): Employees feel that flexible working is part of the culture
Autonomy (93%): Employees feel they have complete autonomy over getting their work done

Additional employee ratings
(these do not contribute to the FlexScore®)

Diversity (85%): Employees feel that the diversity, and the efforts to improve and maintain it, are great
Inclusion (88%): Employees feel like the company culture is brilliantly inclusive and equitable
Culture (92%): Employees feel like it is a really great environment to work in
Mission (90%): Employees feel very excited about and aligned with the company mission
Salary (79%): Employees feel that their salary is good and matches the value they bring

Working at SilverRail Technologies

Company employees

154

Gender diversity (male:female:non-binary)

104:49:1

Office locations

London, Boston, Brisbane, Stockholm

Hiring Countries

Australia
Sweden
United Kingdom
United States

Awards & Achievements

Most flexible companies

Flexa100 2024
Travel & Transport

Industry awards 2023
Most flexible companies

Flexa100 2023
1st – Travel & Transportation

Industry awards 2022