INFORMATION SECURITY MANAGER

Remote (UK & EMEA region)

Job description

Information Security Manager

We are looking for a hands-on Information Security Professional with extensive practical experience in information security best practices and application in an enterprise cloud SaaS environment. The ideal candidate will have a strong background in AWS, experience with ISO 27001, SOC 2, and the ability to communicate the importance of information security across all business levels.

Who are we and what we do

Autologyx is a leading enterprise in cloud software-as-a-service (SaaS), leveraging cutting-edge technology to deliver exceptional solutions hosted on Amazon AWS. We are committed to maintaining the highest standards of information security to protect our clients and uphold our reputation in the industry. We are seeking a dedicated and experienced Information Security Professional to join our team and lead our information security initiatives.

Autologyx is a data-driven workflow and process automation platform that enables businesses to orchestrate, automate, integrate and scale complex non-linear processes.

We allow customers to build and design solutions that automate complex processes. This is achieved by providing the tools to create relational data models, a canvas for designing your workflows and processes, task allocation and event management that automates actions via an intuitive interface, and integration of third-party technology or data sources at any point. All process data at any point in time is captured and made available for analytics on a BI solution of your choice.

The Autologyx platform works in real time, managing non-linear, simultaneous processes that reflect the complexity of real-world interactions. It processed over 1 billion process transactions last year, all delivered via enterprise-grade infrastructure with state-of-the-art data security and the ability to handle large-scale complex processes.

Key Responsibilities

Information Security Management:
  • Lead the implementation and management of the company’s Information Security Management System (ISMS) in line with ISO 27001 standards.
  • Migrate the company from ISO 27001:2013 to ISO 27001:2017 standards early in the role.
  • Develop, write, and maintain security policies, procedures, and controls to protect company data and systems.
  • Drive and develop information security processes, ensuring they align with industry best practices and secure-by-design principles.
AWS and Cloud Security:
  • Ensure robust security measures are in place for AWS-hosted applications and services, including S3, EC2, Route53, EBS, RDS, and EKS, as well as Microsoft Azure and Office 365.
  • Conduct regular security assessments, vulnerability management, and penetration testing to identify and mitigate risks.
Security in Development Pipeline:
  • Collaborate closely with Engineering and Product teams to integrate security into the development lifecycle using techniques such as STRIDE threat modeling and security testing (SCA and SAST) in CI/CD pipelines.
  • Promote secure-by-design principles and best practices within the company culture.
Risk Management:
  • Facilitate risk workshops and document information security risks and treatments using tools like Eramba GRC.
  • Monitor the threat landscape and perform regular risk assessments to ensure appropriate controls are in place.
Incident Management:
  • Manage information security incidents and conduct in-depth technical investigations, including log analysis using AWS GuardDuty, AWS CloudWatch, and manual log searches.
  • Coordinate with external vendors for annual penetration tests and ensure timely resolution of identified issues.
Communication and Training:
  • Communicate information security concepts and practices to all levels of the business, including C-Level executives.
  • Conduct security awareness training for employees and promote a culture of security within the organization.
Day-to-Day Auditing and Data Protection:
  • Perform day-to-day auditing of security practices to ensure compliance with internal and external standards.
  • Serve as the company’s Data Protection Officer, ensuring compliance with relevant data protection regulations.
Compliance Management:
  • Manage and maintain compliance with SOC 2 standards.
  • Experience with HIPAA and similar standards is a bonus but not required.
Customer Information Security Requests:
  • Respond to customer information security requests, providing accurate and comprehensive information about the company’s security posture and practices.
Third-Party Security Assessment:
  • Evaluate and assess the security posture of third-party suppliers and integrations to manage associated risks.

Skills and Experience Required

Technical Skills:

Cloud Services:
  • AWS services (S3, EC2, Route53, EBS, RDS, EKS)
  • Kubernetes
  • Microsoft Azure
  • Office 365
Security Tools:
  • AWS GuardDuty
  • AWS CloudWatch
  • Prometheus
  • Grafana
  • HashiCorp Vault

Qualifications

Experience:
  • Minimum of 5 years of experience in Information/Cyber Security, with a focus on AWS services and enterprise cloud environments.
  • Proven track record of migrating from ISO 27001:2013 to ISO 27001:2017 standards.
  • Hands-on practical experience with SOC 2 standards.
  • Experience with HIPAA or similar standards is a bonus but not required.
Certifications:
  • Systems Security Certified Practitioner (SSCP) - (ISC)²
  • Certified DevSecOps Professional (CDP) - Practical DevSecOps
  • Certified ScrumMaster (CSM) - Scrum Alliance
Education:
  • BSc Hons Degree in Computer Science or related field.