This role is responsible for information security and data protection at FutureLearn. The Information Security Manager will own the organisation's information security strategy and ensure our data handling meets our policies and standards. Reporting directly to the Director of Technology, they will work closely with the Product and Legal teams, as well as across the wider business, in order to develop a thorough understanding of our product and policies.
The Information Security Officer has the following responsibilities:
- Develop and maintain the organisation’s security strategy
- Own our journey to ISO27001 compliance, including the implementation of an information security management system.
- Develop, review and embed security policies and processes.
- Monitor, audit and report compliance, and support teams across the organisation making changes to ensure this.
- Be the Data Protection Officer
- Be the primary point of contact for any data protection related queries and requests, including responding to any data subject access requests, requests for erasure etc.
- Conduct and maintain data audits for all data held across the organisation, ensuing that our legal basis for processing remains correct.
- Conduct data privacy impact assessments for new feature requests or other changes to the platform.
- Manage security and data incidents, including investigation, reporting and our relationship with the ICO.
- Providing training for employees on GDPR compliance requirements.
- Manage internal and partner requests for security information
- Respond to audit, compliance and data processor questionnaires.
- Provide evaluations of third party software for on platform and internal use.
- Ensure continued security of the FutureLearn platform
- Manage security testing, including web application and infrastructure vulnerability assessments, ensuring that open vulnerabilities are raised, mitigated and remediated as appropriate.
- Work closely with the Technical Architects and Product Teams to ensure security is included by design.
- Identification and escalation of risks and opportunities for continual improvement and security best practices.
- Minimum of 4 years’ experience working in a similar role delivering information security management in a complex technical environment for an online business.
- An excellent knowledge of relevant information security standards and practices, specifically ISO27001: 2017 certification process and audits.
- In depth experience of maintaining and managing the ISMS on behalf of the company and undertaking risk and business impact assessments.
- An excellent knowledge of the GDPR and the Data Protection Act 2018 and experience supporting business to reach and retain compliance.
- Strong subject matter experience in application security, vulnerability and penetration testing.
- Experience with cloud environments (e.g. AWS or GCP).
- Familiarity working with cross functional product teams using agile methodologies.
- Excellent communication skills, able to communicate effectively with both technical and non-technical colleagues.
- A recognised security qualification e.g. CISSP, CISM, CSSLP would be an advantage.
- 28 days holiday (plus 8 days public holiday)
- Buy & sell up to 5 days holiday
- Dedicated personal learning & development budget
- Charity day (volunteer for a charity of your choice)
- Cycle to work scheme
- Season Ticket loan
- Flexible working environment/hours
- Pension (4% employer / employee contribution)
- OU Staff Fee Course Waiver Programme
- Great coffee, teas, fruit and daily breakfast
FutureLearn is a leading social learning platform formed in December 2012 by The Open University and is now jointly owned by The Open University and The SEEK Group. FutureLearn has over 10 million people signed up worldwide. FutureLearn uses design, technology and partnerships to create enjoyable, credible and flexible short online courses, microcredentials, as well as undergraduate and postgraduate degrees that improve working lives. It partners with over a quarter of the world’s top universities, as well as organisations such as Accenture, the British Council, CIPD, Raspberry Pi and Health Education England (HEE). It’s also involved in government-backed initiatives to address skills gaps such as The Institute of Coding and the National Centre for Computing Education.
Please use our online form by pressing 'Apply for this job' below, including your CV and a cover letter telling us why you'd like to come work with us.
Please note this role will be a remote role whilst FutureLearn's office is closed. Once the office is open again this role will be a full time, office based role.
Please contact firstname.lastname@example.org if you require any reasonable adjustments or alterations to be made, to support you through the recruitment process.
No recruitment agents please.
We value all the great benefits that diversity brings and encourage everyone to bring their whole self at work, regardless of gender, religion, ethnicity, sexual orientation, age or disability.
We encourage freelancers and people who have been made redundant as a result of COVID-19 to apply for opportunities at FutureLearn. We believe that in these difficult times, good employers have to rise to the occasion and play their part in the community. At FutureLearn, we take care of each other.