Information Security Manager (GRC)



London, UK
Posted on Thursday, September 14, 2023

Thriva is the UK's leading diagnostics business and we’re on a mission to help millions of people worldwide become actively invested in their long-term health, through using health insights to help them thrive.

Our consumer business is for everyone who wants to improve and understand what is happening inside their bodies, from taking a home test to getting actionable results and GP advice, all through a website and app.

Our B2B business, Thriva Solutions, offers health services and provides a full end-to-end diagnostic service (DAAS). We offer speed, reduced risk and scaling of diagnostic capabilities for partners who work with us. We’re building a new category in the market and would love for you to come on this journey with us.

What the role is all about

Information Security never ceases managing risks and improving our security controls. You will be responsible for developing and implementing policies, procedures, and strategies to protect our organisation's confidential data and systems from unauthorised access, use, disclosure, and destruction. You will ensure we are compliant with all policies and maintain strong audit trails. You will push information security improvement and maturity across the organisation to better serve our teams and our customers.

Specifically, as the Information Security Manager, you will be responsible for:

  • Maintaining ISO 27001 certification
  • Conducting internal audits and leading on external audits
  • Ensuring that risks are managed using the correct controls
  • Engaging with internal/external stakeholders on security incidents, queries etc.
  • Manage business continuity and disaster recovery policies/procedures/schedules
  • Leading Access Management improvements and initiatives in the organisation on internal and external IdP systems and employee security initiatives
  • Overseeing access management recertification programmes
  • Managing cross-functional projects across multiple teams and stakeholders to drive Identity and Access Management (IAM) business objectives and requirements
  • Provide operational data protection compliance support in areas of cross-over with information security and ISO27001
  • Line management of one team member with workplace IT responsibilities

About you

You are entrepreneurial, agile and comfortable working in a start-up environment and energised by working in a fast-paced environment characterised by constant change.

You will have:

  • Experience in the IT or InfoSec field with 2+ years of experience as an operations manager or service lead within the IT field
  • Strong experience with leading and operating employee support and change management programmes
  • Experience being a people manager and knowing how to manage the needs of the team while meeting business objectives in an agile environment
  • Hands-on experience with owning common employee productivity SaaS tooling such as Google Workspaces, Okta, Jira, and similar technologies
  • The ability to see the big picture, define plans that align to business goals and set measurable metrics
  • Ability to manage multiple/varied tasks and prioritise workload with attention to detail.
  • Comfortable operating autonomously once goals and objectives are set.
  • Strong interpersonal and organisational skills, with the ability to successfully work both independently and effectively within a team.
  • Strong leadership capability, executing as appropriate in the areas of responsibility.
  • Excellent oral and written communication skills, including the ability to explain technology solutions to non-technology internal client base.
  • Proven ability to engage constructively with colleagues at all levels across different departments to deliver objectives.
  • Ability to quickly establish credibility and build rapport and trust.
  • Experience of security auditing and monitoring

Nice to have

  • Hands-on experience or good knowledge of other ISO Management Systems, e.g. ISO 13485, ISO 14001
  • Strong experience with leading people, teams and projects, and engaging with various stakeholders cross functionally
  • Knowledge of IT architecture and underpinning technologies
  • Certification holder (CIPP-E, CISM, Security+, CISSP, etc)

How we work: We work in a hybrid way and offer flexible working options. Our office in Old Street is open for anyone who wants to go in – whether you find the office is the best place to work and want to come in frequently; or you enjoy a change of scenery and are meeting your team weekly or monthly.

We want to help you do your best, be yourself, and ultimately never have that "Sunday fear". Here are some of our perks:

  • Employee option scheme 📈
  • 28 days holiday (plus bank holidays) ✈️
  • 6-week paid sabbatical on your 4-year Thrivaversary 🌴
  • Wellbeing budget, from a mindfulness app subscription, to childcare, a new hobby or a massage, you choose how you want to spend it 🧘
  • Private healthcare with Bupa 🩺
  • Enhanced parental leave 🐥
  • Nursery scheme 🍼
  • Income protection & Life insurance 🏡
  • £600/year professional development budget 🌱
  • Free Thriva tests 💜
  • 2 days paid voluntary / charity / community work 🎗
  • Pet friendly office 🐶
  • Climate perks programme 🌍
  • 12 weeks work from anywhere per year 🗺

We embrace diversity at Thriva. To build a product that is loved by everyone we need a team with all kinds of different perspectives, experiences and backgrounds. That's why we're committed to hiring people from different backgrounds, race, religion, national origin, gender identity, sexual orientation, age or disability.

We understand that applying for a new job takes a lot of work and we really value your time. We are really looking forward to reading your application!