Information Security Manager

Job Description

We’re on a mission to create a diverse group of future leaders. We do that through professional apprenticeships because we believe learning on-the-job creates a more equitable and successful path to careers. We find, train and support talented individuals, wherever they are in their career journey, and equip them with the in-demand tech, software engineering, and data skills to transform their careers and deliver a better route to growth for their employers.

We’ve had some big achievements. We hit 10,000 apprentices in our community - and counting. We launched one of the largest data apprenticeship programs in the UK with Jaguar Land Rover, and we’ve partnered with companies like Mars, Verizon and CitiBank. Not to forget becoming a mission-driven EdTech unicorn after our $220m Series D.

But we aren’t stopping here. Join Multiverse and build the future of learning at work.

The opportunity

As an Information Security Manager at Multiverse, you will support our Infosec Director and Privacy team to help us secure our modern cloud native platforms. You will help by securing work delivered by dev ops engineers, IT operations (end user computing), suppliers, and support client security requirements.

Specifically, you will:

• Help to build and scale out a secure engineering culture, working with teams to embed secure engineering practices & secure–by–design principles

• Review the security posture of our cloud platforms and identify cloud security risks and issues and work with our platform and product teams to improve our platforms.

• Deliver clear recommendations for building security capabilities to deliver security policy and compliance objectives.

• Lead internal learning sessions, giving our security champions help and support to improve their security knowledge

• Conduct maturity assessments of application security practices

• Improve security culture and awareness program for Engineering / IT Operations / Business Teams

• Support our sales teams / clients with timely completion of Self Assurance Questionnaires (SAQ) accurately at pace.

• Review client contracts for security/privacy requirements, assessing compliance posture and suggesting mitigations if required.

• Manage delivery of security tooling.

• Produce Documentation - documenting standard operating procedures (SOPs), Policy reviews and updates.

• Secure critical business products/services to internal requirements in line with good practise and to meet client expectations.

About you:

• Experience leading security engineering teams Secure By Design / Privacy By Design

• You will have lived experience of running/being part of security operations such as running security operation centres, responding to security incidents/breaches, overseeing patching/vulnerabilities or hardening systems.

• Comfortable working at pace to deliver systems and security designs, patterns and decisions.

• Experience managing team ways of working and ownership of work items.

• ​​From a leadership perspective you will understand the power of diverse thought, kindness, humanity, creating the conditions for success, learning from failure.

• Experience working with senior stakeholders, working between multiple teams, building complex services in code and working in a culture of continuous release.

• Prepared to respond to security incidents to minimise the impact on the business,

• Experience supporting Governance, Risk and Compliance across the business, enforcing compliance with key data and security policies.

• Supplier Assurance – supply chain security, completing client Self Assurance Questionnaires (SAQ).

• Expertise in planning and delivering roadmaps, contributing to our cloud security strategy

• Good understanding of security risk management in a cloud security context, and of cloud security principles

• Knowledge of multiple regulatory requirements e.g UK GDPR, CCPA

• Expertise in security and compliance frameworks and standards, e.g. CE+, NIST SP 800-207

Bonus points if you have or are willing to learn:

• Security Architecture

• Knowledge of Infrastructure as Code

• Knowledge of Azure, Google, AWS, and Kubernetes cloud–native services

• Securing GitOps and Continuous Deployment

• Identity and Access Management, including securing privileged access

• Relevant certifications such as SABSA, CISSP, CCSK, AZ–500, GIAC, CISM, ISO Lead Auditor/ Implementer, CISLA, CISMP, Security +, AWS Certified Security, MSc Information Security

Benefits

• Time off - 27 days holiday, plus 7 additional days off: 1 life event day, 2 volunteer days and 4 company-wide wellbeing days

• Health & Wellness- private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Gympass and access to Spill - all in one mental health support

• Hybrid & remote work offering - with weekly or monthly visits to the London office and the opportunity to work abroad 45 days a year

• Team fun - weekly socials, company wide events and office snacks!

Our commitment to Diversity, Equity and Inclusion

We’re an equal opportunities employer. And proud of it. Every applicant and employee is afforded the same opportunities regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. This will never change.

Safeguarding

All posts in Multiverse involve some degree of responsibility for safeguarding. Successful applicants are required to complete a Disclosure Form from the Disclosure and Barring Service ("DBS") for the position. Failure to declare any convictions (that are not subject to DBS filtering) may disqualify a candidate for appointment or result in summary dismissal if the discrepancy comes to light subsequently.