We’re on a mission to provide equitable access to economic opportunity, for everyone.
We close critical skill gaps in the workforce through a new kind of apprenticeship that combines work and learning. We begin by recognizing high-potential individuals both inside and outside of a company's current workforce and then we create applied, guided and equitable learning programs, with measurable impact. Because we believe the world needs a better way to match its potential.
We work with over 1,500 leading companies including the likes of Microsoft, Citi and Just Eat to help solve their business-critical problems, and we’ve trained over 16,000 professional apprentices in the tech and data skills of the future. This is made possible by our global team who are driven to achieve a mission that matters, together.
Join Multiverse and help us set a new course for work.
The Opportunity
Multiverse is at an exciting juncture, one that requires transformation of both scale (16,000 to 100,000 apprentice learners) and technology (recognising potential of our expanded product, platform and AI offerings). Success in the short to mid-term will be defined by how well we execute against our central strategy, how capable we are to continuously improve core operating metrics and process, and how supported our 300+ coaches are to have a daily, positive impact to our apprentices and learners.
The InfoSec Manager will be responsible for leading and managing the implementation of organisational changes within the company relating to our ambitious plans for operational maturity. This individual will work closely with cross-functional teams to identify areas for improvement to business operations including but not limited to how we process sensitive company information, how we capture and broadcast change internally and how we select and review new systems and tools proposed for internal use.
The opportunity
As an Information Security Manager at Multiverse, you will support our Infosec Director and Privacy team to help us secure our modern cloud-native platforms. You will help by securing work delivered by dev ops engineers, IT operations (end-user computing), suppliers, and support client security requirements.
Specifically, you will:
- Help to build and scale out a secure engineering culture, working with teams to embed secure engineering practices & secure–by–design principles
- Review the security posture of our cloud platforms and identify cloud security risks and issues and work with our platform and product teams to improve our platforms.
- Deliver clear recommendations for building security capabilities to deliver security policy and compliance objectives.
- Lead internal learning sessions, giving our security champions help and support to improve their security knowledge
- Conduct maturity assessments of application security practices
- Improve security culture and awareness program for Engineering / IT Operations / Business Teams
- Support our sales teams/clients with the timely completion of Self Assurance Questionnaires (SAQ) accurately at pace.
- Review client contracts for security/privacy requirements, assessing compliance posture and suggesting mitigations if required.
- Manage the delivery of security tooling.
- Produce Documentation - documenting standard operating procedures (SOPs), Policy reviews and updates.
- Secure critical business products/services to internal requirements in line with good practice and to meet client expectations.
About you:
- Confidence in working with security engineering teams with expertise in Secure By Design and Privacy By Design.
- Proficient in security and compliance frameworks (e.g., CE+, NIST SP 800-207) and experienced in security operations, incident response, and patching/vulnerability management.
- Able to work at pace to deliver system and security designs, manage team workflows, and foster a culture of diverse thought and continuous learning.
- Skilled in collaborating with senior stakeholders, building complex services, and ensuring compliance with data and security policies.
- Capable of responding to security incidents and supporting Governance, Risk, and Compliance efforts, including supply chain security and client SAQ completion.
- Experienced in planning and delivering roadmaps and contributing to cloud security strategy, with knowledge of cloud security risk management and regulatory requirements such as UK GDPR and CCPA.
- Knowledgeable in securing AWS in line with the Well-Architected Framework. A plus if you have elevant certifications such as AWS Certified Security - Specialty (SCS-C01).
- Familiarity and experience with implementing Security Architecture using defined frameworks such as TOGAF and NIST CSF.
Bonus points if you have or are willing to learn:
- Experience with SIEM and log monitoring technologies, such as Google Security Operations (Chronicle).
- Experience with Threat Modelling with familiarity of OWASP and experience of tooling such as the AWS Labs Threat Composer.
- Experience and familiarity of Security Testing, such as penetration testing, SAST, DAST and SCA.
- Knowledge of Infrastructure as Code such as Terraform and OpenTofu, with certifications such as Terraform Certified Associate.
- Knowledge of, and experience securing, Azure (Cloud Adoption Framework, Enterprise Access Model), Google (Both GCP and Workspace) and Kubernetes cloud-native services
- Securing GitOps inclusive of Continuous Integration and Continuous Delivery/Deployment
- Identity and Access Management, including securing privileged access (JIT, PAM, PIM, Securing Lateral Account Movement)
- Relevant certifications such as SABSA, CISSP, CCSK, SC-100, GIAC, CISM, ISO Lead Auditor/ Implementer, CISLA, CISMP, Security +, MSc Information Security
Benefits
- Time off - 27 days holiday, plus 7 additional days off: 1 life event day, 2 volunteer days and 4 company-wide wellbeing days
- Health & Wellness- private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Gympass and access to Spill - all-in-one mental health support
- Hybrid & remote work offering - with one weekly visit to the London office and the opportunity to work abroad 45 days a year
- Team fun - weekly socials, company-wide events and office snacks!
Our commitment to Diversity, Equity and Inclusion
We’re an equal opportunities employer. And proud of it. Every applicant and employee is afforded the same opportunities regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. This will never change.
Safeguarding
All posts in Multiverse involve some degree of responsibility for safeguarding. Successful applicants are required to complete a Disclosure Form from the Disclosure and Barring Service ("DBS") for the position. Failure to declare any convictions (that are not subject to DBS filtering) may disqualify a candidate for appointment or result in summary dismissal if the discrepancy comes to light subsequently.