• London/Berlin/Remote UK or Germany

Information Security Officer

Employment type:  Full time


A little flex time

Apply now

Job Description

The Information Security Manager will be the subject matter expert in all aspects of information security and cyber security in UK and Germany. They will be the lead role in ensuring compliance with Information Security standards ISO 27001 and PCI DSS and managing the continued development, implementation, monitoring and control of information and data governance.
The role requires a hands-on manager who has direct experience in understanding ISO 27001, PCI DSS and personally identifiable information (PII) in a cloud environment. Experience is also required in working with business and technology teams on how to manage and secure information assets. The role includes the implementation of the Digital Operational Resilience Act (DORA). Ideally, the candidate will also take on the position of data protection officer (DPO).

What you'll do on a day2day basis

  • Manage the design, delivery and development of the Information Security Management System and Cyber Security Programme to ensure it comprehensively meets current business needs and evolves to provide clear added value
  • Develop and continually evolve Token’s Information Security strategy and Cyber security strategy and ensure that there is quantifiable progress in applying
  • Own, review and contribute to information security policies and associated procedures and standards
  • Develop the operational processes and controls, and assess their effectiveness in mitigating Information Security and Cyber Security risks faced by Token
  • Monitor and enforce the information security policies and technologies for all Token business processes, systems and infrastructure
  • Support the business with the creation and maintenance of data protection registers to monitor and track data sharing arrangements, data retention policies, breach notification, ICO registrations and effective asset management and disposal.
  • Lead the development of the security risk management and control systems
  • Facilitate the remediation of identified vulnerabilities for IT security and IT risk
  • Support data discovery exercises to ensure all personally identified information is identified and monitored.
  • Conduct regular and ongoing monitoring of and reporting on Token’s compliance with external information security standards, regulations and policies, for example ISO 27001, PCI DSS, Cyber Essentials Plus and DORA.
  • Liaise with the technical teams to ensure data requirements are captured during Agile development process
  • Liaise with SRE’s to ensure that sensitive data is stored and monitored appropriately
  • Liaise with 3rd parties that may store sensitive data on behalf of Token, ensuring that the data is stored and monitored appropriately
  • Act as the project manager/lead on IT security for projects providing subject matter expertise and technical knowledge in the areas of information security and data protection to the Token
  • Support Privacy Impact Assessments on new products/services and complete Data Protection Audits on business functions and key risk areas
  • Promote user education awareness of applicable regulatory standards, upstream risks and industry best practices
  • Communicate and engage with multiple stakeholders (all the way to senior level) on information security compliance and cyber security controls; and
  • Proactively monitor changes to relevant legislation/standards, communicating and managing changes as they apply to the business

Key Performance Indicators

  • Achieving ISO 27001:2017 certification and Cyber Essentials Plus
  • Achievement of deliverables on IT Security
  • Continual Improvement plans as agreed by the Security Committee
  • Ensuring Token’s annual information security and cyber security monthly activity is delivered by all responsible parties
  • Appropriate security governance procedures are implemented and adhered to
  • Appropriate security technologies as defined in agreed strategies are implemented successfully
  • Mitigate known security risks

What knowledge, skills and experience you need to be successful in this role

  • The role will suit an individual who has a passion to develop their own skills and knowledge in Information Security and Cyber Security compliance
  • a proactive person who is a ‘hands on’ starter/finisher, that is driven, enjoys responsibility and achieving results
  • highly organised person in their ability to manage and prioritise workload, adept at operating effectively within a fast-paced organisation while delivering through influencing and relationships
  • Experience managing Security in a cloud native environment e.g. AWS, Azure is an essential attribute for any candidate
  • Bachelor's degree or Masters in Information Security or Cyber Security or related field experience
  • CISSP and/or CISSM or in the process of achieving these certifications
  • Good technical knowledge of security in hosted Cloud environments e.g. Google, AWSTechnical knowledge of information security compliance (ISO 27001:2017, PCI DSS, Cyber Essentials), data security and IT security arrangements
  • Knowledge of Privacy and Data Protection legislation
  • Practical application of information security and/or data protection compliance within SME organisations and FinTechs
  • Strong technical skills relevant to Information Security such as data encryption, secure data transmission, secure data consumption and risk analysis
  • Analytical and detail-oriented
  • Strong understanding of security technologies and best practices
  • Senior stakeholder management

Open to allToken is building an open future for everyone. We don’t just accept different points of view, lived experiences and new ways of thinking — we search them out. They help us make better products, better decisions, and a better place for everyone to work. So, come as you are. We acknowledge and embrace different backgrounds, identities and abilities. Respect is our default, and empathy is our baseline. No one succeeds until we all do.

Company benefits

Flexible working week
Open to compressed hours
Open to part-time employees
Open to job sharing
Equity packages
Pension match/increase
Health insurance
Dental coverage
Life insurance
Accrued annual leave – 30 days per year plus local public holidays
Optional unpaid leave
Enhanced sick pay
Compassionate leave
Teambuilding days
Lunch and learns
Cycle to work scheme
In office yoga classes
Work from home allowance
Co-working space allowance – If its tricky to work at home (building work, etc) we can support
Employees are very happy with their working location freedom
Employees are very happy with the flexibility in the hours they work
Employees are moderately happy with the benefits their company offers
Work-life balance
Employees feel that they can switch off quite easily from work
Role modelling
Employees feel that flexible working is part of the culture
Employees feel they have complete autonomy over getting their work done

Additional employee ratings
(these do not contribute to the FlexScore®)

Employees feel that the diversity is good and there are continued efforts to improve it
Employees feel that the culture supports equity and inclusivity well
Employees feel like it is a really great environment to work in
Employees feel very excited about and aligned with the company mission
Employees feel that their salary is good and matches the value they bring

Working at

Company employees


Gender diversity (male:female)


Office locations

London, Berlin, San Francisco

Funding levels

Series C - $80M to date

Hiring Countries


United Kingdom

Awards & Achievements

Most flexible companies

Most flexible companies

Flexa100 2024

Other jobs you might like