Lead Security Engineer
Posted on Tuesday, February 7, 2023
We are Not On The High Street
We’re home to 5,000+ phenomenal small creative businesses that we are proud to call our Partners. But, now more than ever, this community needs our support.
So we’re doing all we can to shine a light on these dynamic entrepreneurs, waving the flag for small businesses and generally championing their socks off.
On top of our brilliant Partners, products, and customers (not to mention our incredible team who have been busy beavering away from home since 2020), the last couple of years have seen great progress with our tech platform and customer experience.
We are now looking to build on this momentum to drive our business to the next level. And that’s where you come in.
We’re a team of 200 or so who all thrive in roles that make an impact and a difference and we are looking for like-minded people.
You’re laser-focused when it comes to the task at hand. You’re not afraid to make big decisions and take some risks. You have a positive attitude to learn if things don’t go to plan and re-iterate to get your idea working. You’re a team player willing to lift others up and collaborate.
If this applies to you, then we are the right fit for you. Our perks and benefits are at the bottom of the description, but if you want to know more about the role itself, read on.
As a customer-focussed technology company, security (both cyber and information) is of the highest priority and key to our commitment to our customers to keep their data safe.
The Lead Security Engineer will be accountable for our Technology security risk and management of any security incidents and will lead the transformation of our information security policies and practices. They will be proactive in working with senior business and technology leadership, and various engineering and operations teams to ensure security has an appropriate focus. They will champion security and share best practices by providing training, coaching and support. They will provide confidence to stakeholders while also conveying any risks we have in a realistic way.
- Overall accountability for our Security procedures, processes and policies whether proactive or reactive to incidents
- Responsible for identifying gaps in our approach and championing security practices both within Technology teams and with the wider business
- Accountable for more junior members of the Security team, line management duties and leading them in both their day-to-day and their personal development.
- Work with senior business and technology leadership to assess existing cyber/information security position; and to develop, manage and iteratively deliver enhancements to our policies and procedures
- Coordinate activities relating to legal and cyber/information security compliance best practices, such as GDPR, NIST, PCI-DSS
- Collaborate with the Legal team and Risk Management board in the management of the operational risk register, recommend appropriate actions and assist with mitigation planning
- Lead day-to-day operational security and incident resolution
- Own governing policies for security tools, responding to events and evaluating data to enable reporting and subsequent analysis
- Work with internal security, operations and engineering teams and 3rd party suppliers to assess and manage technology security risks for new and existing solutions
- Solid knowledge of GDPR, CIS, ISO27001/2, COBIT, NIST 800-53, PCI/DSS and similar controls frameworks and associated cyber/information security practices; with practical experience in successfully rolling them out into an organisation
- Understanding of the latest technologies, trends and emerging best practices in the cyber/information security space
- Experience in integrating software vulnerability management processes and the associated tools including Jira, dynamic & static code analysis, cloud posture scanning and vulnerability scanning
- Experience in managing security incidents and IT security risks, with associated stakeholder management including the software development teams
- Experience with modern cloud technologies and service providers would be desirable; specifically AWS platform, Containers and Serverless, Java, Node JS, relational and NoSQL DB’s
- Confident and engaging presence with strong stakeholder management and project delivery skills
- Able to communicate deep technical information with business stakeholders and simplify communication of security matters
- Good people leadership ability and experience leading a team of security professionals
- Experience producing and communicating a roadmap of security improvements
It’s important to us that our people are well looked after, which is why we offer BUPA healthcare, Healthshield, life insurance, and additional Mental health support through Spill
We have also worked very hard to come up with a set of policies that support work/life balance, flexible working, diversity, and inclusion that help to reduce the stress of life, some of which can be found on our careers page
We offer 25 days standard with 8 days bank holidays and the ability to swap other religious holidays
We hold regular socials and events as well as holding hackathons and encourage the attendance of conferences and other events
We endeavour to support our people to make sure work... well, works for them. We’re using the lessons learned from the Pandemic to evolve our approach to flexible working, so we’ve introduced a hybrid working month.
The NOTHS team visits beautiful Richmond two to three times a month to ensure we all still get together as one #teamNOTHS (although you can come in more if you like)
For 2022 we began trialling fully remote months in January (to avoid the snow) and August (to enjoy the sun).
Diversity and Inclusion
Diversity and Inclusion is really important to us and that’s why everyone’s welcome at Not On The High Street – whoever they are, whatever their background.
As part of your application, you’ll be asked to complete an optional demographic survey to help us learn more about who wants to work with us. It will only be used to help us figure out how to make our team(s) even more inclusive and attract more brilliant people to join us!
We have a DEI focus group as well as affinity groups that have their own budgets and can use this to help serve diversity and inclusion at NOTHS
Apply to join #teamNOTHS
For now, our recruitment and induction processes are fully remote, taking advantage of the wonders of modern-day technology.
You’ll speak with one of the recruitment team first (30 minutes), who will help you understand the role and company even better. You’ll then speak with the line manager (30 minutes), followed by a final interview (approx. 2 hours). This process may vary depending on the role you are applying to.
We’d love to hear more about you, your experience and why you’d like to join our team.