Security Compliance Officer

**_Protect Data, Secure Futures: Join Gecko as a _**_Security Compliance Officer_**

Join Gecko in our mission to maintain the highest level of information security whilst we continue to deliver innovative solutions to the Higher Ed world

As the Security Compliance Officer of a remote-first company, you'll be the one making sure that Gecko's information is safe and sound. This is important because it gives our customers and other stakeholders peace of mind that we're taking all the necessary steps to safeguard their sensitive data. So, no pressure or anything

We're pretty serious about security around here and we're proud to say that in the past year, we've managed to get certified for both ISO27001 and SOC2 Type II. Now, we're on the lookout for someone who can keep up the good work and make sure we maintain these certifications, but also someone who can drive us to keep getting better and better when it comes to keeping our customers' information secure and compliant. Think you're up for the challenge?

Until now, information security and compliance has been shared across multiple people alongside their regular job duties. But we are now looking for someone to take the lead on this across Gecko. Someone who can single-handedly take charge of our approach and deliver processes and practices that ensure the utmost level of information security and compliance for Gecko and our customers. So if you're someone who's really into security, has a ton of experience with security frameworks, and likes to work independently, then you might be just the person we need

You'll be the go-to person for all things security-related in this key role. It's up to you to make sure everyone follows the rules for keeping things secure, and you'll need to come up with some strong measures to make sure everything stays on track. You'll also be responsible for working with outside vendors and auditors to keep everything running smoothly.

**Responsibilities: Here's what you'll be in charge of**:

- Making sure we keep up with all the latest security policies and standards like GDPR, ISO27001, SOC2 Type II, CyberEssentials Plus, and do an annual Penetration Test.
- Keeping all the paperwork and processes related to these frameworks current.
- Helping out with the shift to the latest version of ISO27001 and getting new accreditations, like TexRAMP and/or StateRAMP, if needed.
- Continuously improving our information security management system (ISMS) to ensure that everything is as secure as possible.
- Keeping a lookout for vulnerabilities, meeting SLA targets, and managing any breach incidents.
- Using security and vulnerability tools to carry out risk audits, develop corrective action procedures, and prioritize tasks.
- Coordinating with the ISMS Governance Council to ensure everyone's on the same wavelength.
- Assisting with audits and making sure we follow up on any corrective action plans.
- Managing the information security Risk Register and making sure we're addressing any risks.
- Ensuring that we have the right security software and tools installed on all our devices.
- Helping out with client security questionnaires, keeping ISO27001 documents up to date, and training users on best practices.
- Overseeing device security, including mobile device management (MDM) and enforcing protocols.

**The Hard Skillz**

To crush it in this gig, you gotta bring these qualifications and skills to the table:

- Proven chops in a similar GRC-focused Security Compliance Office role.
- Strong understanding of security frameworks and standards like ISO27001, SOC2.
- Solid knowledge of security frameworks and standards like ISO 27001.
- CISSP certification [this role is also open to someone working towards their CISSP certification].
- Do some wicked project management, and stay on top of priorities like it's nobody's business.
- Be able to produce security documentation to a predefined standard.
- Be an analytical ninja with a keen eye for detail.
- Be flexible and able to keep up with the latest and greatest security threats and solutions.
- Roll with processes and keep those communication skills tight.
- Be adaptable to stay on top of the latest security threats and solutions.
- Have some smarts when it comes to cost-effective security solutions.

**Here's what's in it for you**:

- 34-hour Workweek
- 4-day Workweek (optional, after qualifying period of service)
- 33 days Holiday
- Remote Working & Home Office Setup
- Flexible Working
- Private Healthcare
- Death in Service
- Pension
- EAP, plus employee discounts & benefits via Perkbox
- Work with some of the best in the biz in a dynamic, autonomous and super-fun working environment (you can find out more about working with us here)
- And lots more...

**_ If all of this excites you then you may be our next Gecko_**

To apply, please submit your CV and be sure to tell us why you are passionate about information security at Gecko, highlighting your relevant experience.

**_
To get star