Job postings: Senior Information Security Manager (part-time and full-time options)
This posting was taken from the employer's website, and the HelloWorld site does not guarantee that it is up to date.

Senior Information Security Manager (part-time and full-time options)

Digital Science

Work from home

14.03.2024.

senior
Part time work is possible for this role. You must be available at least half time and at least two days per week during our core hours, which are 2pm-5pm UK time.
 

About Us


Overleaf is a scaleup and social enterprise that builds modern collaborative authoring tools for scientists — like Google Docs for Science. We make an online, real-time collaborative editor for papers, theses and other documents written in the LaTeX markup language.

We have over 14 million registered users from around the world, over 500,000 people use our platform each day, and we host over 100 million user-created projects. Our company is growing and we are looking for a Senior Information Security Manager to drive and take ownership of our security programme.

We’ve been recognised as one of the UK's top 100 fastest growing businesses and included in the FEBE Growth 100 list. We were Best SaaS for Nonprofits or Education in the 2020 SaaS Awards Program, and a finalist in the Digital Leaders Impact Awards 2022.

Here are some links if you’d like to see what we have been up to recently:
We are a remote company; all staff work remotely. We meet up 2–3 times each year for valuable face-to-face time. Our core hours are 2pm–5pm UK time, during which the entire team is expected to be available for meetings. Around that, flexible working is allowed and encouraged.
 
Overleaf is part of Digital Science. Digital Science are advancing the research ecosystem. We are a pioneering technology company, and our vision is of a future where a trusted and collaborative research ecosystem drives progress for all. We believe in better, open, collaborative and inclusive research. In creating the next generation of tools and working in partnership with the community we tackle some of the biggest challenges to research. In order to achieve our vision, we need innovative, inspiring and dynamic people to join our team. Want to join us?

What you’ll be doing

Overleaf’s customers trust us with important intellectual property and have high expectations of our security and compliance. We, as part of the Digital Science group, recently achieved ISO/IEC 27001:2013 certification. We are now working toward FedRAMP, and SOC 2 is likely up next.

We’re looking to add an experienced Senior Information Security Manager to our team to lead this next phase of our security and compliance programme, with support from our CTO and the Digital Science Group Information Security team. Your work will be both hands on, operating our information security management programme, and strategic, as you continue to improve our information security policies and programmes and the overall security posture of the company.

In more detail:
  • Prepare for and represent Overleaf in IT and security audits, including:
    • Surveillance audits, e.g. for ISO 27001
    • Internal group audits
    • Additional accreditation audits, e.g. for SOC2
  • Lead our continuous improvement programme, including:
    • Manage our information security risk register, with input from across the business via our Security Working Group
    • Maintain and improve information security documentation, such as policies, processes and technical diagrams
  • Lead the day to day operation of our information security and privacy management programme, including:
    • Approve the security and privacy reviews that our teams conduct at the start of each project
    • Report periodically on information security management KPIs
    • Conduct new and recurring vendor security assessments
    • Review security scan and penetration test results and SIEM alerts, in coordination with engineering
  • Lead information security training, including:
    • Prepare and deliver Overleaf-specific information security training material
    • Monitor compliance with our training and group-wide training
  • Lead incident response planning, including:
    • Own our incident response and disaster recovery plan, in coordination with engineering and other business areas
    • Organize periodic incident response and disaster recovery drills
  • Coordinate our response to a security incident, should one occur, in conjunction with senior leadership, legal counsel, and other areas of the business as required
  • Lead our response to customer security and compliance questionnaires, including:
    • Maintain and improve our standard ‘security pack’ of standardized security questionnaires and supporting documentation
    • Review and assist our business operations team with completion of questionnaires where not addressed by the standard pack
    • Review and help with maintenance of our answer bank and FAQ documents
  • Lead our response to customer data protection questions, in coordination with legal counsel, and on improvements to procedures for handling these
  • Be our subject matter expert for information security; help us stay current with best practices and trends
  • Liaise closely with Digital Science group IT and Information Security teams
  • Manage a budget for information security tools and resources

What you’ll bring to the role

To do this job well, you will:
  • Have been part of accreditation and / or surveillance audits against at least one major information security standard, such as ISO 27001, FedRAMP or SOC 2.
  • Be familiar with the GDPR and have experience defining and implementing GDPR-compliant processes.
  • Have worked on information security in a modern, cloud-based setting. We use technologies such as Infrastructure as Code, Zero Trust, and Serverless Computing, which have their own information security characteristics.
  • Be comfortable with working in a fully remote team.
We expect you to have:
  • Degree level education, preferably in Engineering, IT or Compliance, or an Information Security-related certification, e.g. CISSP / CISM / CISMP.
  • Strong written and verbal communication in English.
Not sure you meet all qualifications? Let us decide! Research shows that women and members of other under-represented groups tend to not apply to jobs when they think they may not meet every qualification, when in fact, they often do! We are committed to creating a diverse and inclusive environment and strongly encourage you to apply.

Benefits

  • Remote and flexible working.
  • You would join a small, dedicated and growing team.
  • We're substantially (around 80%) open source, so your work will often be on open source.
  • We're backed by Bethnal Green Ventures (bethnalgreenventures.com) and Digital Science (www.digital-science.com), through which we're part of a wider community of startups in science, health and ed-tech.
  • We'll provide a new Mac, Windows or Linux laptop, along with a stipend for other equipment.
  • We provide a training budget; many of our staff choose to attend relevant industry conferences or buy training materials.
  • We run two biweekly internal seminar series (‘Show and Tell’ and ‘Wisdom Wednesdays’) with short talks from staff about their work or personal projects, new technologies and techniques.
Living our Values:
 
We invest in, nurture and support innovative businesses and technologies that make all parts of the research process more open, efficient and effective. 
 
The talent we secure is fundamental to us achieving our vision and our growth plans. The values we live by are:
 
  • We are brave in the pursuit of better
  • We are collaborative and inclusive
  • We are always open-minded
  • We are from and for the community
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

About Digital Science

Digital Science is a technology company working to make research more efficient. 

We invest in, nurture and support innovative businesses and technologies that make all parts of the research process more open and effective. 

Our portfolio includes admired brands including Altmetric, Anywhere Access, Dimensions, Figshare, ReadCube, Symplectic, IFI Claims, GRID, Ripeta, Writefull, Gigantum and Overleaf. 

We believe that together, we can help researchers make a difference.
