Lead Information Security Manager ensuring compliance for NQC's SaaS platform. Oversee audit processes and improve security frameworks for cloud migration efforts.
Responsibilities
Act as the primary point of contact and project lead for ISO 27001 and TISAX recertification cycles.
Conduct a comprehensive review of our existing systems, policies, and controls against necessary audit standards.
Identify, analyse, and formulate treatment plans for information security risks.
Identify vulnerabilities within the new cloud architecture and ensure the platform maintains security standards.
Lead the external penetration testing requirements for our platforms.
Draft, refine, and implement essential documentation, including the Statement of Applicability (SoA) and internal security policies.
Work with our Development and Infrastructure teams to embed security controls into our SaaS workflow (e.g., access management, incident response, and change management).
Perform a "pre-audit" to ensure all departments are compliant before the external body arrives.
Brief senior staff on security best practices and their specific responsibilities under the ISMS.
Any other ad-hoc duties as assigned.
Requirements
Proven experience leading organisations to successful audit certification or recertification.
Proven experience implementing ISO 27001 within cloud-native (AWS/Azure/GCP) environments.
Proven experience leading organisations through pentesting workflows within cloud-native environments.
Exceptional documentation skills with the ability to simplify complex compliance requirements for non-technical stakeholders.
*Desirable*: ISO 27001 Lead Implementer or Lead Auditor; CISSP or CISM.
**Key Competencies**
Is consistently motivated, committed and able to perform duties in all situations.
Communicates and receives ideas, views and information to achieve understanding.
Champions NQC’s values and consistently acts in a principled, open and conscientious manner, challenging unacceptable behaviour.
Plans and prioritises activities and resources to maximise performance and minimise errors.
Thinks creatively and embraces opportunities for change.
Works collaboratively with cross-functional teams and acts as a team player while supporting colleagues.
Benefits
Hybrid working policy of 60% office-based
Salary sacrifice scheme
25 days holiday (increasing with service) + bank holidays
Enhanced Maternity and Paternity Leave
Health Cash Plan
Learning & Development through Udemy platform
24/7 Access to a Virtual GP
Life Assurance (4 x Salary after 6 months)
YuLife: Employee discounts and wellbeing platform
Regular company socials & events
Job title
Information Security Manager – Fixed-Term Contract
Security Engineer focused on enhancing cloud security at Ramp, ensuring safe management of financial data. Collaborating with cross-functional teams to remediate security issues and deploy secure solutions.
Senior Information Security Analyst at Banco ABC Brasil securing digital assets and ensuring compliance with industry standards. Collaborating with teams to enhance cybersecurity measures and manage incidents.
Sales Enablement Manager at Upwind Security crafting compelling narratives for technical audiences. Collaborating across teams to enhance market readiness and impact through influential content.
Talent Acquisition Partner owning recruitment cycles and enhancing Upwind's culture through AI-driven strategies in a fast-growing startup. Proactively sourcing global Go-To-Market roles while partnering closely with hiring managers.
Principal Associate in Capital One’s Cyber Division managing Information Security for Financial Services. Supporting stakeholders with analysis, reporting, and execution of cyber initiatives within the FS ISO Command Center.
Senior Information Governance Security Consultant at Civica improving information governance and cyber security for public and private sector clients. Leading security engagements and consultancy for resilience, compliance, and risk management.
IT Security Expert developing and maintaining a scalable hybrid multicloud network architecture across multiple European locations. Managing security and connectivity solutions in Azure and AWS environments.
Cybersecurity Learning Specialist at Avaron developing digital learning solutions to promote secure behaviors across a global cybersecurity organization. Focusing on pedagogical methods for effective learning experiences.
Manager of IS Architecture & Compliance supporting security and compliance initiatives at Connecticut Children's health system. Partnering with teams to implement controls and assess risks across IT and business functions.
Associate Manager in Accenture's Global Protection & Security Team for Central Europe. Advising on physical safety, crisis management, and threat analyses in a dynamic, international environment.