* Key stakeholders: Tech team, Support, Operations, Product, IT Operations Manager, Legal Counsel, Executive team
* Organisational Framework Level: 4 – Senior Technical
About you
As Information Security Manager, you will be fully responsible for all our information security policies, processes, and programmes to provide assurance of ongoing statutory and regulatory compliance, to monitor and maintain our ISO 27001 Information Security Management System, work on future security standard implementation plans and help support our clients' Information Security and Information Governance requirements.
Job purpose
* Ensure secure and efficient scaling of our information security practices, to meet
our ambitious growth plans
* Deliver world-class software, services, and customer success using information
security best practices
* Creating a security-first culture through your influence, mentoring & coaching
Key responsibilities
* Ensure an ongoing culture of information security throughout Clue, including all
new joiners
* Keeping up to date with developments in IT security standards and threats
* Arranging penetration tests and ensuring remediation of any findings in line with
our SLAs
* Documenting any security breaches and assessing their damage
* Ensure we have passed all ISO 27001 internal and external audits, ensuring that the
ISMS is established, implemented, maintained, and continually improved in
accordance with the requirements of the standard
* Identify, manage & drive the Risk Assessment process, working with stakeholders
to reduce risk to a minimum acceptable level
* Operational management of Clue’s ISMS in line with ISO (27001) standards, GDPR,
Business Continuity, Disaster Recovery and Audit functions
* Carrying out Internal Audits to ensure that Security controls are effective
* Conduct a continuous assessment of current Security Practices and Systems,
identifying areas for improvement
* Perform Security Risk Assessments and identify ways to minimise threats
* Creation of new information security strategies, project execution and
implementation of initiatives
* Incorporate information security requirements into the daily business operations
and ensure subsequent processes are supported and audited
* Ensuring that the correct level of antivirus & malware software is present on all
relevant hardware
* Translate security risks into actionable requirements and maintain the InfoSec risk
register
* Creating reports on Information Security areas including status reports and
Incident reports
* Developing and rolling out a continual programme of information security
education across all Clue employees and contractors
* Responsible for identification and analysis of information security related
nonconformities. Working with the relevant departments to improve practices
where necessary
* Monitoring and reporting of ISMS performance to senior leadership team
* Producing a suite of technical documentation that sets out Clue’s approach and
systems to ensure information security, for sending to customers and partners
* Helping the sales team respond to due diligence questionnaires and technical
queries from customers and prospects, providing content to a central knowledge
hub
* Conducting Clue DPIAs and contributing towards customer DPIAs and
collaborating closely with the DPO on all aspects of data protection compliance
Key role measures
* You will be responsible for reporting to the exec team on all information security
aspects, such as risk management, pen test results, scorecards etc
* You will be responsible for the security optimisation and ongoing information
security health of operating our cloud platform at scale
* You will be responsible for ensuring all information security risks are mitigated or
accepted by the relevant exec owner
* You will be responsible for ensuring we maintain compliance with current & future
standards in line with business aspirations (ISO 27001, NIST etc)
Experience and skills
Our ideal candidate would have experience in the following areas:
* Previous experience in working with/establishing an ISMS and the identification,
mitigation and management of risk and security, ideally within a SaaS organisation.
* Excellent understanding of Data Protection and GDPR.
* Management of InfoSec risk register, assessment, and mitigation of treatment plans.
* Ability to work independently and manage a variety of projects simultaneously
* Proven ability to establish and implement information security policies and
procedures
* Ability to display strong verbal and written communication skills, especially
involving technical documentation and report writing
* Demonstrate up-to-date knowledge and understanding of the information security
threat landscape and associated countermeasures
* Hold a current information security certification such as ISACA Certified
Information Security Manager (CISM)
* Knowledge of cloud provider design principles & security models, like Azure
Well-Architected frameworks, Zero Trust etc
Diversity, Equity and Inclusion
If you’re excited about this role but your experience doesn’t align perfectly, we encourage you to apply anyway and tell us more about yourself. You may be just the right candidate for this or other roles.
We believe that seeing the world from all sorts of angles makes life better for all. We want you to know that the things that make you an individual, like your identity, age, ethnicity, religion, ability and background, are things that we choose to celebrate and support.
We are a scale-up company, and as we continue to grow, we are passionate that having a diverse, inclusive and authentic workplace will remain at our core. We are creating an inclusive environment where our people can thrive.
Our values are aligned and at the heart of everything we do. We are respectful, united, rigorous, relentless and ethical.
Clue provides software for a safer society.
Investigations professionals use Clue to conduct enhanced end-to-end operations enabled by proactive threat detection and prevention, operational pace and confidence in decision-making.
Clue is trusted by a diverse and global investigations community dedicated to preventing harm and bringing justice to victims in society, spanning government, corporate, law enforcement, not-for-profit and sports organisations.