Senior Information Security Manager

We are seeking a proactive and experienced Information Security Manager to join our dynamic team. In this critical role, you will oversee Gousto's Information Security initiatives, ensuring the maintenance of ISO27001 and PCI:DSS certifications. Additionally, you will lead Business Continuity Management, Disaster Recovery, and the development and implementation of our cyber security strategy.

The role requires working closely with senior stakeholders, vendors, and other Tribes to deliver on our Tech2026 strategy, represent the team's interests, and contribute to quarterly OKR strategic planning.

Gousto is scaling at an incredible pace. This presents a unique opportunity to grow your skill set while solving interesting and challenging problems. Joining the IT & Security team you can have a massive impact on our colleagues and our customers. In the role your responsibilities will include:

Security Compliance and Certifications:

• Maintain current ISO27001 and PCI:DSS certifications
• Prepare for future SOC2 compliance
• Ensure compliance with all relevant security legislation and regulations
• Conduct regular security audits and coordinate external audits

Business Continuity and Disaster Recovery:

• Develop, implement, and maintain policies and procedures for business continuity and disaster recovery
• Conduct business impact analysis and risk assessments
• Coordinate and lead disaster recovery exercises, ensuring minimal disruption to operations

Cyber Security Strategy:

• Lead the development and implementation of a comprehensive cyber security strategy
• Stay informed of the latest security challenges and threats and adapt strategies accordingly
• Collaborate with IT, Software Engineering and other departments to enhance security protocols

Team Management:

• Manage and mentor one direct report and matrix manage cyber engineering resources, fostering a culture of security awareness and compliance
• Evaluate team performance and provide guidance and support to achieve security objectives

Stakeholder Engagement:

• Communicate effectively with various stakeholders including senior management and external partners
• Provide regular updates on the status of information security and propose necessary improvements or changes

Requirements

Technical Skills:

• Experience delivering ISO 27001, PCI:DSS, SOC2 compliance.
• ISO 22301 Business Continuity
• Experience in managing security compliance and control implementation across IT, OT and Software Development environments.
• Knowledge of security frameworks and standards such as NIST, CIS, COBIT 5, ITIL
• Experience working alongside development teams, in an agile software development (SDLC) environment

Leadership and Soft Skills:

• Proven leadership skills with the ability to mentor and develop a technical team
• Strong delivery abilities, with experience in Agile
• Excellent communication skills, capable of engaging with both technical and non-technical stakeholders
• Strategic thinker with a focus on continuous improvement and innovation