Global Cyber Security Manager
Internal IT
Full-time
London, England, United Kingdom
Our vision is to be the source of truth in global supply chains. Our mission is to build a world-class business that will evolve for decades and help create a tangible difference in our world.
Oritain is the global leader in scientifically verifying origin, notably in the cotton/textiles, food, and pharmaceutical sectors. We exist to protect the reputations of our customers and US borders by identifying and mitigating well-known risks in global supply chains. Sustainability isn't just about tackling climate change; it represents a growing conscience around our actions and their impact on people, animals, and the planet. The personal, professional, and governmental move to sustainable practice is driven by a desire to change our impact on the world. We can only do this by knowing the certainty of our actions.
Take the Lead as Our Global Cybersecurity Expert!
As a result of our continued growth, we're looking for an experienced cybersecurity professional passionate about building secure systems and fostering a culture of security. You'll take charge of our Cybersecurity function, ensuring our digital products and infrastructure are secure, robust, and always ahead of the curve.
Are You Ready to Shape Global Cybersecurity at Oritain?
This is a fantastic opportunity to step into a unique global role where you’ll lead the charge in cybersecurity, driving cutting-edge tools, embedding robust governance, and enjoying the freedom to design impactful processes across our global operations. As the sole expert in this position, you’ll spearhead Cyber projects with plans to build your own team in 2025.
The role combines two dynamic elements:
- Core IT Security: Leverage your deep technical expertise to maintain the security of our infrastructure, servers, and systems. This ranges from leading our Managed Security Service Providers (MSSPs) and building a best-in-class Cyber training and awareness programme to performing security audits on critical systems.
- Cybersecurity Governance: Implement governance and frameworks to embed security across the business, including IT, Engineering, and other business verticals, ensuring best-practice configurations become the norm.
Your Mission
As our Cybersecurity Lead, you will:
- Build and implement a DevSecOps framework to ensure our digital products are secure and meet the highest Cyber assurance standards.
- Lead the Cybersecurity function, managing people, processes, and tools while ensuring the business is "Secure by Design."
- Identify and remediate Cyber risks across the organisation, focusing on vulnerability management for all Oritain assets.
Your Day-to-Day Responsibilities
Leadership & Strategy
- Lead the Cybersecurity team and assure the CIO, ELT, and board that Oritain’s systems and products are secure.
- Be a key representative for Cybersecurity in decision-making forums such as the Change Advisory Board (CAB).
- Manage penetration testing for customer-facing and internal systems, working with internal teams and external partners to implement remediations effectively.
Cloud & Application Security
- Act as the go-to expert for securing Microsoft Azure, ensuring that cloud security requirements are integrated into all new systems and services.
- Drive application and platform security by conducting penetration tests, running audits, and managing automated scans like SCA, SAST, and DAST.
- Maintain a strong Cloud Security Posture by continuously improving infrastructure, processes, and policies.
Risk & Compliance
- Own vulnerability and threat management: identify risks and work with stakeholders to ensure swift and effective remediation.
- Ensure ongoing compliance with industry standards such as ISO27001, NIST, Cyber Essentials Plus, and CIS.
- Assist with developing and enforcing cloud security policies, aligning with industry best practices and regulatory requirements.
Security Awareness
- Deliver engaging cybersecurity awareness training, including phishing simulations, lunch-and-learn sessions, and companywide initiatives.
- Foster a strong security culture by defining and promoting best practices for secure infrastructure and secure coding.
What We’re Looking For: Must-Haves
We’re seeking a cybersecurity expert who thrives on technical challenges and brings a wealth of knowledge and hands-on experience. These are the essential requirements for this role:
Experience & Technical Expertise
- 5+ Years of Cybersecurity Experience: A hands-on role that builds upon a solid foundation as an engineer, with a demonstrated ability to work across teams and integrate security into processes.
- Extensive Microsoft Azure Knowledge: Proven expertise in securing Azure environments, including:
  - Serverless functions, Blob Storage, API Management, Cosmos DB, and SQL
  - Cloud networking architecture: VNets, application gateways, private and service endpoints, and firewalls.
- Secure Software Development: Deep experience implementing effective secure coding practices (e.g., OWASP Top 10, SAST, DAST, SonarCloud). You can seamlessly integrate security into the SDLC with a shift-left approach.
- Cloud Security Tools: Practical experience with Azure Sentinel, Defender, and tools like Wiz or MS Defender for Cloud to identify, mitigate, and monitor security threats.
- Penetration Testing: Experience managing pen-testing and remediation, including working with third-party suppliers or using tools like Wiz, Cobalt, or internal systems.
- Infrastructure Security: Hands-on experience designing and troubleshooting secure cloud infrastructure solutions (PaaS and IaaS).
Compliance & Standards
- Familiarity with industry standards such as ISO27001, Cyber Essentials Plus, NIST, and CIS. You know how to ensure compliance and integrate these standards into processes.
- An appreciation for maintaining Cyber assurance aligned with ISO27001 certification.
Certifications (preferred)
- Cybersecurity Architect Expert or Azure Security Engineer Certification is preferred.
Communication & Leadership Skills
- Exceptional communication skills, with the ability to explain complex security concepts to technical and non-technical stakeholders.
- Proven experience coordinating with managers and team leads across technical and non-technical areas.
Additional Skills That Will Make You Stand Out
- Experience taking organisations through Cyber Essentials Plus certification.
- A proven ability to develop, implement, and enforce cloud security policies, standards, and procedures.
- Strong organisational skills to prioritise tasks, manage competing deadlines, and deliver results in a dynamic environment.
- Willing and able to travel to our company HQ in NZ and to additional sites as required.
- This hybrid role is based out of our (dog-friendly) office in Farringdon 3 days a week.
If you want to join a growing, mission-driven company that sells truly unique solutions with a purpose, this could be the ideal role for you.
- 27 Days annual leave
- Your birthday off
- Pension
- 2 paid volunteer days
- Dog-friendly office and hybrid working
Published: 2 January 2025