Information Security Manager in Leatherhead

Location: Leatherhead
Salary: £57,500 per year
Recruiter: Zest
Job Hours: Full-time
Remote: Work from home

About us

Zest is transforming the way employers engage with their people. Our market-leading SaaS platform empowers businesses to deliver a world-class employee proposition, allowing employees to tailor their benefits package, understand their total reward, access personalised content and communications, and celebrate their colleagues’ achievements. Our platform helps hundreds of market-leading employers create a workplace where employees feel valued, informed, and deeply connected to their company’s success.

We’re proud to boast an impressive NPS of +82%, a testament to our commitment to outstanding client and end-user experiences. But what truly sets us apart is our culture. Here at Zest, we foster a work environment that’s as friendly as it is professional, as high-performing as it is supportive. We’re a team that thrives on empowerment, autonomy, and the support each member needs to excel.

Our doors are open to those who bring a natural drive to excel in their discipline, who challenge the status quo, and who drive continuous improvement. We celebrate achievements, learn openly from failures, and set a high bar for ourselves and our peers. If you’re ready to contribute to a positive, dynamic team that helps each other grow, Zest might just be the place for you.

About the job

Are you passionate about security and eager to work where it’s not just a feature but the foundation? As our Information Security Manager you’ll be at the forefront of safeguarding our platform. You’ll work closely with our Platform & Security Lead, but report directly to the Chief Product Officer to provide the role with the independence it demands. We’re committed to processing personal data with the highest level of diligence, and you’ll play a pivotal role in maintaining and enhancing our robust infosec management system, acquiring and upholding security certifications, fulfilling the role of our Data Protection Officer and ensuring we have appropriate controls to mitigate risk.

You’ll need a strategic mindset to navigate the future of cybersecurity, ensuring that we’re always a step ahead. Simultaneously, your comfort with detail will see you managing the day-to-day operations, keeping our platform and business secure.

Key responsibilities

Information Security Management & Certifications

  • ISMS Oversight: Maintain and enhance Zest’s Information Security Management System. This includes maintaining documentation, conducting and documenting risk assessments, driving improvements, monitoring compliance and ensuring decisions are endorsed by the Information Security Steering Committee where appropriate.
  • Security Audits and Certifications: Coordinate regular internal and external audits and address any issues raised to maintain certifications (currently ISO 27001 and Cyber Essentials Plus), which are essential in demonstrating our commitment to information security to our clients.
  • Security Training: Deliver information security awareness training for all employees.

Security Operations

  • Threat Intelligence: Stay abreast of the latest cybersecurity threats and trends to inform strategic security planning.
  • Security Infrastructure: Oversee the installation and maintenance of security systems, controls and infrastructure.
  • Incident Management: Take charge of the response to all information security and data protection incidents and collaborate with various business units to understand, document and learn from any incidents to prevent the same or similar issues from reoccurring.
  • Data Protection Officer: Ensure business compliance with GDPR and manage other regulatory obligations, including the timely reporting of data breaches to the supervisory authority as required by law and the notification of affected clients within contractually agreed timescales.

Security Design

  • Security by Design: Review and inform the design of our platform. Inform our software development lifecycle to ensure privacy and security remain integral to our product design.
  • Vulnerability Management: Maintain and continuously improve our vulnerability management approach to objectively evaluate, prioritise and address security weaknesses.

Supplier Management

  • Supplier Program Management: Oversee Zest’s supplier management program, ensuring it continues to reflect best practice, conducting assessments for new suppliers and evaluating existing suppliers for compliance.
  • Contract Analysis: Review and advise on supplier contracts, focusing on security and data protection clauses.

Sales Support & Legal Guidance

  • Client Security Assessments: Respond to client information security and data protection due diligence assessments as part of the sales process and in line with our contractual obligations.
  • Sales Documentation: Maintain concise, up-to-date summaries of Zest’s security and data protection measures for sales purposes.
  • Contractual Guidance: Advise on information security and data protection clauses in client contracts, ensuring compliance and risk mitigation. Propose contract wording changes to maintain legislative compliance and protect the business.

Ideally you'll possess the following qualifications

  • SaaS Experience: 3 years+ working for a SaaS provider (B2B or B2B2C), where you routinely interacted with product, engineering and commercial teams.
  • ISO 27001 Implementation: 3 years+ in an information security role with direct responsibility for implementing and maintaining an ISO 27001-aligned ISMS. Direct involvement in at least one full ISO 27001 certification audit, demonstrating familiarity with the audit process.
  • Data Protection Leadership: Experience serving as a Data Protection Officer or in a similar role with daily responsibilities for personal data protection and compliance with GDPR.
  • Contractual Expertise: Strong experience in reviewing and revising contracts, with a keen eye for information security and data protection clauses.

Zest is an equal opportunities employer. If you don't meet every single requirement, please don't let that hold you back. Research indicates that some candidates hesitate to apply for roles unless they meet every criterion. We're committed to fostering an inclusive workforce, so if you're enthusiastic about this opportunity but your experience isn't an exact match, we still encourage you to apply.

Additional Information:

  • Salary of £57,500 - £67,500 with a comprehensive range of flexible benefits
  • Normal working hours: 37.5 per week
  • Location: Leatherhead House, Station Road, Leatherhead, Surrey KT22 7FG
  • Hybrid role with office/home working split.


About Leatherhead, Surrey

  • Local Council Population: 11,612
  • Train Stations: 1
  • Unemployment Rate: 1.80%

Education Stats

  • Schools: 15
    • Primary Schools: 9
    • Secondary Schools: 6
    • Sixth Forms: 4
  • 27% are independent
  • Ranking: 441/4558
  • Top 20%

House Prices

  • Average House Price: £527,359
  • Compared to UK Average: +£152,716
  • Ranking: 1506/6610
  • Bottom 20%
  • Council Tax Band D: £2,194

Crime Stats

  • Crimes per 1000: 127
  • Ranking: 6366/6696
  • Bottom 20%
  • Worse than last year
