Information Security Manager

eduMe is an innovative frontline training solution used by businesses globally to upskill and empower their workforce by embedding engaging training into their flow of work. Workday-backed and certified, we partner with companies like Deliveroo, Marriott, and Home Depot to improve the onboarding, productivity, retention, and safety of their people.

We have offices in Los Angeles, US, and London, UK, and we are driven by a shared mission to make a difference. Motivated, caring, results-oriented, and passionate about what we do, we’re looking for like minded individuals to join us on the journey!

We're hiring for an Information Security Manager who will join our mission and ensure learners and managers can trust the eduMe platform that delivers them a great learning experience seamlessly integrated to their day to day tools and environment. In this role, you will:

• Oversee our security programme and maintain our annual SOC 2 compliance recertification
• Represent eduMe security and compliance towards our customers and prospects
• Lead our information security efforts: define approaches, help teams and individuals adopt good practices and run security related processes
• Work with key stakeholders to ensure that security is built into the design of projects and initiatives across the business

You will report to the CTO and work closely with product teams and other internal stakeholders such as finance and people teams.

This is a great opportunity to join a well funded startup, shape our security culture, technology and have a big impact on how we pursue new market opportunities.

What you’ll do:

• Lead and evolve eduMe’s information security and privacy programme
• Manage our annual security and compliance activities such as our annual SOC 2 Type 2 recertification and annual penetration testing
• Act as the central point of contact with the business based in the UK and US with regards to security and compliance
• Manage vendor security processes such as completing security questionnaires and including security language in contractual agreements
• Facilitate eduMe’s response to security incidents with the support from the management team and the necessary squads
• Articulate security and compliance requirements in our evaluation of third party products
• Work with teams collaboratively across the business to implement processes and tooling that facilitate a strong security conscious culture
• Work with customer facing teams to communicate eduMe’s security and compliance posture effectively
• Take a pragmatic approach to balance security best practices and the needs of the business
• Collaborate closely with our Product, Engineering, Sales, People, Finance and Customer Success teams to drive solution that align with business goals, user needs and security best practices

What you’ll need:

• 1-2 years experience in a startup and/or SaaS environment
• Knowledge and experience of designing controls and processes against the SOC 2 Type 2 requirements and the NIST Cyber Security Framework or similar
• Hands on experience with information security, especially working with security technologies in cloud based environments
• Ability to conduct threat and risk assessments across varied technology stacks, identifying suitable mitigating controls
• Good understanding of privacy requirements (including UK and EU GDPR and CCPA)
• Experience working with developer and product teams to improve security processes and integrate security tooling
• Experience in managing and completing incoming vendor security reviews and working with legal and procurement teams on contractual agreements.
• Ability to manage or support incidents requiring coordination across teams
• Strong cross functional collaboration skills and problem solving skills
• Excellent spoken and written communication skills in English
• Ability to participate in-person in team and company activities in London at least 2 days per week

We’d be particularly excited if you have:

• Experience using compliance automation tooling such as Drata
• Experience in putting the following domains into practice: privacy engineering principles, identity and access management, infrastructure security
• Experience in interpreting and applying data protection regulation (US and EU)
• Experience in drafting and completing DPIAs and PIAs
• Hands on coding experience implementing security controls in CI/CD workflows
• Experience with implementing security controls within AWS, Azure or GCP
• Experience with Workday
• Understanding of the role of generative AI in today's software businesses

If you are excited about working with us but aren’t sure if you meet our requirements, get in touch or apply anyway.

What we will offer you:

• 33 days of paid leave a year, with the option to carry 5 days over
• Vitality Health cover for physical & mental health support
• Inclusion in the company share option plan - you're a part of the success!
• Flexible working to support you, your life, and those around you
• On top of the above, we offer every employee the chance to spend 30 days working from anywhere around the globe, every year
• Enhanced parental leave for primary and secondary carers
• Sick pay for physical and mental health
• A Personal Learning and Education budget and time dedicated for any learning activities you want to pursue
• Team socials twice a year
• We take the entire company for a multi-day off-site every year!

eduMe is committed to providing reasonable adjustments for qualified individuals with disabilities and disabled veterans in our job application process. If you need assistance or an accommodation due to a disability, please contact us at [email protected]

eduMe is an equal opportunity employer. As a company we are committed to the unlearning of unconscious bias, diversity and inclusion long-term, which will remain a key focus of ours as we scale. We welcome all applicants, regardless of religion, ethnicity, nationality, disability status, sex, sexual orientation, gender identity, family or parental status (and any other status protected by applicable law). We aim to be transparent in our efforts to become a thriving, diverse and inclusive place to work, and you can find the continuous action we're taking to achieve this here.