Information and Security Compliance Officer
Companies and people all over the world have changed how they think about offices. At Desana, we’re building a brand new workplace experience where people can choose to work in amazing spaces near where they’d like to be, or to suit what they need to do.
Over the last year our customer pipeline has grown over 2400%, and includes global enterprises that place a huge amount of importance on information and security. While we’ve started putting policies and procedures in place, we’re looking for someone to take the reins.
About the Role
This is a vital role which enables Desana to provide a service to some of the world’s largest companies and their staff. You’ll be liaising with people at all levels of customers’ organisations while getting an opportunity to internally shape our scaling company too. You’ll be helping to improve our existing operations processes, create policies and manage security considerations. It's a chance to have an impact in a small but growing team while, at the same time, working with big brand enterprise customers.
Right now we’re going through procurement with some global companies and information and security are top priority - your main focus when you first join. However, the role blends information and security compliance with involvement across all company operations which will give you loads of exposure to different parts of our business.
Information and Security Compliance
- Develop and implement our information and security strategies.
- Complete our Cyber Essentials & IASME governance accreditations, creating and maintaining internal policies and ensuring they're adhered to.
- Take a prominent role in the company achieving ISO27001, ISO27017 and ISO22301 accreditations.
- Lead annual auditing and maintain accreditations as well as compliance with regulations such as UK Data Protection and EU GDPR regulations.
- Manage penetration testing and our vulnerability management schedule.
- Interface directly with our customers’ information security teams, providing timely, accurate, and credible information security input to customer proposals and tender responses.
- Be on top of new IT trends related to Information and Security and inform our team about new security risks.
- Plan and coordinate internal and third-party led security tests, assessments, and audits of our information security policies, procedures, and systems.
- Provide regular updates covering information security key performance indicators as well as any incidents / events and key security risks.
- Train Desana staff on the importance of Information and Security and ensure that everyone in the team remains compliant.
- Assist with tech and IT related challenges.
- Assist with the management of daily operational activities.
- Help to build internal systems and processes.
- Arrange and assist with the onboarding of new employees, particularly from a tech perspective.
- Prepare and maintain operations documents and reports.
- Conduct research, investigate workflows, business procedures, and recommend changes.
- Work to ensure that we're following compliance standards and regulations across all aspects of our operations.
- Good knowledge of Cyber / Information Security frameworks, supporting processes and toolsets.
- Experience designing and leading the execution of Information and Security across businesses.
- Ability to break down and solve complex problems across multiple domains and successfully lead the recovery of major and / or complex security incidents.
- Ability to build trusting relationships with customers including understanding their business needs and security challenges plus find opportunities for customers to gain additional value from Desana.
- Strong on Excel / Google Sheets and comfortable building systems and processes.
- Excellent written and verbal communication with the ability to liaise with people at all levels.
- Strong organisational skills and attention to detail.
- You love to learn and continually develop.
- You like to have fun and you are a team player.
- Eligible to work in the UK.
- Based in a timezone between UTC+0 and UTC+3.
- A relevant information security professional accreditation.
- Previous experience of managing or supporting the implementation of ISO27001, ISO27017 and ISO22301 is a plus.
- So is any experience designing / developing software or secure development practices.
Your career and progression are massively important to us.
That’s why we’re building complete career progression transparency—mapping salaries and company share options to every stage of your development—so that you know exactly how you can progress, and how much you’ll be paid when you achieve your goals. We also happen to be a leading company in one of the biggest market changes in history...
Salary and Progression
Pay and Share Options have always been a bit of a dark art 🔮
We strongly believe the dark needs some light. That’s why we’re building tools to facilitate complete salary transparency and progression paths so that you’ll always know how you can grow and what it will mean when you do. You can find that here: http://bit.ly/SalaryandShareOptionCalculator.
It doesn't matter who you are and what your background is - so long as you have the right skills and are a great team player, we believe that you should be paid fairly and the same as everyone else at your level.
Based on our framework (which computes above average salaries for your role across a number of sources and applies factors to account for things like your experience, seniority and location), your salary for this role will be between £33,390 and £47,000 depending on your experience and location.
Here’s what we have for you so far (but we want to add to our benefits all the time as we grow)
- Your salary
- Plus regular salary reviews measured against transparent, clearly defined milestones and market benchmarks.
- With company performance related bonuses - when we do well, you do well.
- Not to mention Share Options in our company that grow as you do.
🤸🏽♂️ Flexible working hours
- We’re a company built around the idea of flexible working. We don’t just sell the dream, we live it.
- As long as you’re hitting your targets & covering your contracted hours we’re easy about when you work - it’s what works best for you.
🌏 Work Remotely
- You’ll get free access to the Desana app to work from wherever’s most convenient or best for you. Anywhere.
- Or, if the Amazon-lady is dropping off a parcel, or if it’s just better for you, choose to work from home.
- You’ll officially get 28 days in your contract.
- Unofficially, we’re pretty relaxed. If you’re doing a great job and not taking the mickey, who’s counting?
- Also, take your birthday off, no questions.
- Meaningful work with people who care.
- We work with you to set and achieve your professional and personal goals.
- Friday afternoons are dedicated to personal development - read, meet with mentors, listen to Podcasts, jump on YouTube - but there’s one catch: it has to be relevant to your role & we want to hear what you’ve been learning so we can all benefit and grow too.
- Personal budgets for books, training courses and conferences for everyone.
- We offer a 4% employer contribution (we pay you 100% of your salary, then 4% extra into your pension).
- We use SMART Pensions because they invest in passive Index Funds that are relatively low cost - meaning they should (note the emphasis on should) provide better returns than actively managed funds in the long-term.
- We’ll automatically enrol you but you can choose to opt-out if you’d like.
Like most companies at the moment, our team is entirely remote, and so is our interview process. You’ll need access to a device for video calls and a good internet connection.
- Initial application (short questionnaire that’ll tell us a bit about you)
- Initial video call (30 mins)
- A written "take home" task
- Role specific interview (1 hour)