Job description
Description
The position
The role of the Information Security Manager is to operate the information security management system of Sympower as per ISO 27001. Itβs an inherently cross-departmental role, as the Information Security Management System has policies and procedures that affect the entire company. The system ensures the security of Sympowerβs data and systems, which includes data protection, integrity and continued availability and business continuity. The person will also be responsible for external communication with customers and partners about security related issues, answering questionnaires and handling any incoming requests or incidents via the security email inbox. The person will also oversee audits, contact with certification bodies and security budgets.
What is in it for you
We are committed to creating an inclusive and values based culture where everyone feels that they belong, and where everyone has the opportunity to do meaningful work.
We offer a market competitive compensation package, including but not limited to:
30 Days Paid Holiday Leave
1 Day Paid Wellness Leave
1 Day Paid Birthday Leave
Paid Maternity and Partner Leave
Pawternity Leave
Mental Health and Wellbeing Support
Remote Office Budget
Internet Allowance
Development Plan & Budget
Stock Appreciation Rights
2 Days Paid Volunteer Leave
Learn about all of our benefits on our careers page.
What you will do
This is your opportunity to shape Sympowerβs cybersecurity position and influence company-wide processes.
Information Security Management System (ISMS):
Oversee the ISMS based on our chosen standard ISO 27001, including policy and procedure updates, document reviews, and audits.
Organize and lead internal audits, management reviews, and external ISO 27001 audits.
Conduct regular ISMS Governance Council updates to inform leadership of the cybersecurity landscape and ISMS performance.
Ensure that the ISMS complies with NIS2.
Risk and Compliance:
Perform risk analyses and coordinate risk mitigation strategies.
Handle non-conformities, implement corrective actions, and maintain compliance documentation.
Manage vendor security, ensuring third-party compliance with Sympowerβs security standards.
Take part in incident retrospectives.
Training and Awareness:
Plan and conduct security awareness training for employees.
Foster a company-wide understanding of security policies and their impact on day-to-day operations.
Collaboration and Leadership:
Facilitate cross-departmental collaboration to implement security measures effectively.
Be available to support and take part in customer facing interactions that require explanation of our ISMS.
Lead the security team without direct managerial authority, driving results through influence and coordination
Work closely with product managers, legal, and Engineering Operations to balance feature delivery and security.
Overseeing Product Security Development Practices
Managing and reviewing our Pen Tests, making sure our Product Development teams have the correct knowledge to act on the outcomes
Handling Customer Security Policies and Questionnaires
Requirements
Fluent written and spoken English; other European languages also beneficial
Experience managing or implementing ISO 27001 ISMS.
Background in IT security, risk management, or compliance.
Familiarity with cloud-first environments and remote-first organizations.
Project Management and Organisational Skills:
Proven ability to coordinate complex, cross-departmental projects with precision and efficiency.
Experience managing systems and processes with multiple interdependencies.
Systematic Thinking: Deep understanding of structured systems like ISO 27001 ISMS, with the ability to navigate interlinked documents and processes effectively.
Security Knowledge:
Solid understanding of IT security fundamentals, DevSecOps processes, risk management, and data protection. In-depth cryptography knowledge is not required, but a foundational understanding is essential.
Knowledge of such applications as SIEM and Risk management tools
Experience with OWASP Top 10, SANS, and other security frameworks.
Organisational Awareness: Experience in developing and implementing policies with a keen awareness of their practical implications on teams and workflows.
Communication and Presentation:
Ability to present information clearly and actionably to diverse stakeholders, including senior leadership and external auditors.
Skilled at translating complex security concepts into accessible language.
Ability to speak with customers on security related topics
Leadership without Authority: Track record of influencing teams and driving outcomes in environments without direct reporting lines.
Who we are
Sympower is accelerating the global transition towards βnet-zeroβ by helping to build smarter, cleaner renewable energy systems. Using our proprietary software platform, we help balance the supply and demand of electricity across international energy networks.
We help businesses, grid operators, asset owners and other energy stakeholders around the world reduce their carbon emissions, integrate more distributed renewable energy resources, and generate new revenue streams by participating in demand-side response services.
Learn more about us in this video.
In 2022, Sympower became acertified B Corp, which shows the company is meeting high standards of verified performance, accountability, and transparency across 5 impact areas: governance, workers, community, environment, and customers.
Sympower is an equal opportunity employer. We encourage a diverse workforce and are committed to creating an inclusive environment for all team members.
Your personal data will be processed in accordance with our Privacy Policy.
MESSAGE TO RECRUITMENT AGENCIES: support for filling this position is not required, so proposals for recruitment services will not be reviewed or responded to.
