Information Security Manager

Posted 15 days ago

  • London, Greater London
  • Any
  • External
  • Expired - 2 months ago
We started Marshmallow when we found out how unfair insurance prices are for people who move to the UK. All because the industry hasn’t given this huge cohort of people a second’s thought, and isn’t set up to price them properly.

We saw an opportunity to do things differently, so we made it our mission to back the ones who step outside the norm. Since we started, we’ve helped 100,000s of people get a fairer deal on their car insurance. Using technology, we serve people that are often overlooked by financial services companies, solving important problems for people who need it most.

We know there are millions of marginalised customers out there. And we know that they face unique problems that most companies aren’t even aware of. We believe that our future is helping these people by learning about their experiences, and building our company around their needs. And there are strong signs that there’s a need for a company like us. Earlier this year we hit profitability, which is a huge milestone, but the most exciting thing is that we’re only just getting started.

How we work

We’re really proud of the culture we’ve created. We push for progress every day, because we know that we’ll only hit big milestones by taking lots of smaller steps. We’re always open to helping our team mates, sharing our ideas, experience and knowledge to solve problems together. We take risks, think creatively and experiment relentlessly to meet our customer’s needs, and never pass blame when things go wrong. We encourage people at all levels to take ownership of their work, and to be bold in challenging how we do things. Everyone has a voice and the opportunity to make an impact.

And autonomy and ownership are only possible with clear direction. That’s why we collaborate to do in-depth planning twice a year, and make sure we leave with clear goals and objectives that flow from top to bottom.
To make sure we’re as aligned as possible across functions, most of our work rolls up into four tribes; Acquisition, Retention, Claims and Pricing, Underwriting & Fraud. Each tribe has multiple teams embedded in it, working cross-functionally to do great work.

We’re so excited for all of the challenges up ahead, and we need more people to help us tackle them! If life at Marshmallow sounds like it could be for you, explore our culture handbook or read our blog to find out more.

About the Role:

As an Information Security Manager, you will play a crucial role in building and maintaining a secure engineering culture. You will work closely with various teams to embed secure engineering practices and secure-by-design principles. This role involves ensuring the security of our cloud platforms, improving security culture, and leading the development and implementation of security policies and compliance objectives.

Key Responsibilities:

- Security Culture and Engineering Practices: Develop and scale out a secure engineering culture, embedding secure practices and principles in all engineering and IT operations. Lead internal learning sessions to improve security knowledge among security champions and other staff members.
- Cloud Platform Security: Review and enhance the security posture of our cloud platforms. Identify risks and work with platform and product teams to fortify our platforms against security threats.
- Policy and Compliance: Deliver clear recommendations for building security capabilities to achieve security policy and compliance objectives. Conduct maturity assessments of application security practices. Manage the delivery of security tooling and documentation, including standard operating procedures and policy reviews.
- Security Incident Management: Prepare and respond to security incidents, minimising impact on the business. Oversee security operations, including incident response, patching vulnerabilities, and system hardening.
- Risk and Compliance Management: Support Governance, Risk, and Compliance across the business, ensuring compliance with key data and security policies. This includes managing supply chain security and contributing to our cloud security strategy.
- Stakeholder Engagement: Work with senior stakeholders, liaising between multiple teams to build complex services and ensure continuous release. Guide and advise on security solutions and operations.
- Team Management and Development: Manage team ways of working and own work items. Create conditions for success and learn from failures. Foster a culture of diverse thought, kindness, and humanity.

About You:

- Security Expertise: Experience leading security engineering teams with a focus on Secure By Design / Privacy By Design principles.
- Operational Experience: Lived experience in running or being part of security operations, including security operation centres, incident response, and system hardening.
- Strategic Thinker: Comfortable working at pace to deliver systems, security designs, and decisions. Ability to drive adoption of strategic initiatives and implement change.
- Compliance Knowledge: Experience in Governance, Risk, and Compliance, with knowledge of regulatory requirements like UK GDPR, CCPA, and familiarity with security and compliance frameworks (e.g., CE+, NIST SP 800-207).
- Stakeholder Management: Skilled in engaging with key clients and stakeholders, ensuring buy-in and offering guidance on security improvements.
- Communication and Leadership: Excellent communication skills, both verbal and written, with the ability to influence and persuade. Strong decision-making, organisational, and time management skills.
- Certifications and Knowledge: Knowledge of ITIL Foundation or ISO20000. Understanding of diverse information security frameworks and standards such as ISO27001/2, PCI DSS, etc.

In this role, you will ensure the security and compliance of our operations, playing a key role in protecting the company and its clients in the dynamic and evolving landscape of the insurance industry.

Perks of the job

- Flexible working - Spend 3 days a week with your team in our new collaborative London office, and own your own working hours. The rest is up to you*
  If this arrangement doesn’t work, don’t let it hold you back. We’re always open to making reasonable adjustments if this is a barrier to you in any way. Let us know and we’ll talk about our options.
- Competitive bonus scheme - designed to reward and recognise high performance
- Flexible benefits budget - £50 per month to spend on a Ben Mastercard meaning you get your own benefits budget to spend on things you want. Whether that’s subscriptions, night classes (puppy yoga, anyone?), the big shop or a forest of houseplants. Pretty much anything goes
- Mental wellbeing support – Access therapy and mental health sessions through Oliva
- Learning and development – Personal budgets for books and training courses to help you grow in your role. Plus 2 days a year - on us! - to further your skillset
- Private health care - Enjoy all the benefits Vitality has to offer, including reduced gym memberships and discounts on smartwatches
- Medical cash plan - To help you with the costs of dental, optical and physio (plus more!)
- Tech scheme - Get the latest tech for less
- Plus all the rest; 33 days holiday (including bank holidays), pension, cycle to work scheme, monthly team socials and company-wide socials every month!

Everyone belongs at Marshmallow

At Marshmallow, we want to hire people from all walks of life with the passion and skills needed to help us achieve our company mission. To do that, we're committed to hiring without judgement, prejudice or bias.

We encourage everyone to apply for our open roles.
Gender identity, race, ethnicity, sexual orientation, age or background does not affect how we process job applications.

We're working hard to build an inclusive culture that empowers our people to do their best work, have fun and feel that they belong.