You’ll be the Lead for information security, defining Asto’s IT security architecture and standards, ensuring that all security components are integrated into the overall technology architecture and roadmaps, evaluating the security implications and providing design review and approval for new products and services.
We’re providing small businesses with the support they need to reach their goals. By building a first-in-class app that lets them manage their business and get money into their pockets sooner, we’re helping them succeed.
What you’ll be doing
Specifically, this role will focus on the following responsibilities:
- Act as the Security champion across the organisation, providing a focal point for governance
- Provide security metrics and KPIs to the Leadership Team on a regular basis
- Conduct regular risk assessments
- Define and implement training and awareness programmes for Asto employees
- Ensure that security is input into operational risk, compliance and regulatory functions
- Input into, implement and manage the IT Security strategy, roadmap and programme
- Own and manage the development of the Information Security Management System to define, develop, socialise, agree and publish global IT security policies and standards to protect the business from security threats
- Provide security assessment of 3rd party suppliers from a technical and risk standpoint
- Develop major incident response capability through outsource partners
Competencies and skills
- Advanced experience in IT security, threats and control strategies to cope with them, particularly within a mobile and cloud-based environment
- Experience of Risk Assessments and Risk Management projects utilizing recognized frameworks
- Demonstrable experience of leading the design and development of a security programme or security maturity roadmap against a recognised framework (NIST, 27001, CIS20)
- Experience of integrating legal and regulatory requirements into the solution ecosystem, e.g. GDPR
- Ability to determine security requirements by evaluating business strategies, and making credible recommendations that are both technically safe and commercially minded, and that won’t damage the customer experience
- You will be able to articulate highly technical problems to non-technical stakeholders and talk to their customer-driven objectives
- ISO27001 Lead Implementer
- TOGAF / SABSA
- Our competitive salary will reflect your knowledge and experience
- We’ll contribute to your travel into the office
- You’ll be rewarded with a bonus for being your best
- The office is right next to Liverpool Street Station, with a barista, free fruit, and a self-serve bar
- 30 days holiday for you to take (on top of UK Public Holidays)
- Get your birthday off, because who wants to work on their special day?
We believe quality comes from mastery and simplicity, and that we should make things as best as we’re able. Leadership is a behavior, not a job title. We’ve blended scrums and XP, but are happy to innovate.
Work/life is an important balance for everyone, so we typically get our work done during the day. We’re moving to a model where each squad owns the full vertical from Front End to DevOps, supported by an exceptional platform team.