Tumelo maintains a strong focus on culture and the well-being of staff members, which means you'll get to work in a team that encourages collaboration and learning new skills.
The Role
We're seeking an ambitious Cyber Security Engineer to help evolve the security and compliance function at Tumelo. This is initially a team of one but will be closely supported by the VP of Engineering.
The role provides an exciting opportunity to mature your experience across a diverse range of cyber security and compliance domains. Tumelo's software products support stewardship services for some of the largest investment firms in the world and we're committed to ensuring that security and compliance are foremost concerns.
Core Responsibilities
Manage the ISO 27001 program with support from the VP of Engineering, including evolving the policy framework, gathering control evidence, managing internal stakeholders, and maintaining the ISMS for successful annual audits.
Assist in IT support, including triage of support tickets, managing IT assets/endpoint devices, and maintaining and evolving IT systems such as Microsoft Entra ID, Microsoft InTune, Microsoft Defender, JAMF Pro, and AWS Security Hub.
Advocate for operational changes that promote 'shift left' in security practices, implementing tools that make security adoption easier while ensuring controls are high-impact but low-friction.
Promote security awareness at all levels and cultivate a DevSecOps culture by encouraging 'Secure by Design' principles and helping teams select secure technologies.
Monitor and respond to security logs and alerts using tools like AWS Security Hub and GuardDuty, ensuring prompt action on vulnerabilities.
Manage the business security posture by applying risk management practices and continuously improving security controls.
Assist with customer due diligence processes by gathering evidence and responding to security-related questionnaires.
Support the VP of Engineering in evolving the company's security strategy to align with business change and product requirements.
Skills & Experience
We don't expect prospective candidates to tick every single box here. We are committed to your professional growth and will support opportunities for further development, including certifications and hands-on experience with strategic security initiatives.
You have experience in Governance, Risk, and Compliance, possibly managing an information security program like ISO 27001, or you're eager to gain this experience.
You advocate for security best practices and are driven by achieving meaningful security outcomes with minimal friction.
You balance security decisions based on risk exposure and use data-driven decision-making to implement 'defence in depth' strategies.
You're an excellent collaborator, comfortable driving security awareness across the organisation, and experienced in 'shift left' approaches to security.
You're proficient with IT systems such as Microsoft Entra ID, Microsoft Defender, Microsoft InTune, JAMF Pro, and AWS Security Hub, and enjoy improving security and IT systems to ensure they are effective.
You have a solid understanding of data protection regulations like GDPR and can apply that knowledge in complex, real-world situations.
You have applied security controls across cloud environments, IT infrastructure, and software development processes.
You have experience building and evolving security strategy or you are excited to contribute and learn in this area.
You may hold relevant cybersecurity certifications such as Security+, CISSP, GICSP, CISM, or equivalent. Not essential.
What we offer:
We're incredibly passionate about Tumelo's culture and ways of working. We have an amazing team who care deeply about our mission. We value team well-being and strive to build a safe, healthy environment where people can bring their whole selves to work.
Salary between £55,000 - 75,000 dependent on experience.
Private health insurance - via Equipsme, including 24/7 private GP access, dental, optical, and mental health support.
Generous company share scheme - We are all owners of Tumelo and beneficiaries of our collective success.
Work From Home budget - To get you everything you need to be able to work comfortably from home.
Great Maternity & Paternity policies - We recognise how important parental leave is to the well-being of our team. Our maternity policy offers the first 26 weeks at 100% pay, followed by Standard Maternity Pay thereafter, and our paternity policy offers six weeks at 100% pay.
5% employer pension contribution
£50 per month wellness budget - Pick the benefit that works for you, whether that's a monthly gym membership, a regular massage, career coaching or a regular delivery of healthy food. There are over 1000 things to choose from!
33 days holiday - These include bank holidays, but you can take bank holidays off at your discretion; some of the team prefer to work those days and save the holiday for another time, and that's fine by us! You'll also get an extra day of holiday when you've been with us for 3 years!
Flexible hours - We commit to being available to each other on Slack/email between 10am and 3pm Monday - Friday (save for lunch), but outside of these hours you can work whenever you feel most productive.
Tumfests - The team commit to gathering together for a full day at least once per month in Bristol or an off-site location. Travel costs are covered by the business.
Hybrid working - We encourage staff to come into the office a few times a month to encourage collaboration, but we're flexible and pragmatic about this.