Senior Cyber Security Engineer/Lead

Full time
Location: Bristol
Job offered by: Tumelo
Category: IT & Technology

The Team

The Security Team sits within the technical side of the organisation and serves security and compliance requirements across the breadth of the business.

Tumelo maintains a strong focus on culture and the well-being of staff members, which means you'll get to work in a team that encourages collaboration and learning new skills.

The Role

We're seeking an ambitious Senior Cyber Security Engineer to help evolve the security and compliance function at Tumelo. This is initially a team of one but will be closely supported by internal teams.

The role provides an exciting opportunity to mature your experience across a diverse range of cyber security and compliance domains. Tumelo's software products support stewardship services for some of the largest investment firms in the world and we're committed to ensuring that security and compliance are foremost concerns.

Core Responsibilities

- Manage the ISO 27001 program, including evolving the policy framework, gathering control evidence, managing internal stakeholders, and maintaining the ISMS for successful annual audits.
- Assist in IT support, including triage of support tickets, managing IT assets/endpoint devices, and maintaining and evolving IT systems such as Microsoft Entra ID, Microsoft InTune, Microsoft Defender, JAMF Pro, and AWS Security Hub.
- Accountable for customer due diligence processes, ensuring timely responses to security questionnaires, and building resources to streamline the process. This requires working in close collaboration with internal Ops and Sales teams.
- Advocate for operational changes that promote 'shift left' in security practices, implementing tools that make security adoption easier while ensuring controls are high-impact but low-friction.
- Promote security awareness at all levels and cultivate a DevSecOps culture by encouraging 'Secure by Design' principles and helping teams select secure technologies.
- Monitor and respond to security logs and alerts using tools like AWS Security Hub and AWS GuardDuty, ensuring prompt action on vulnerabilities.
- Manage the business security posture by applying risk management practices and continuously improving security controls.
- Design and implement a comprehensive security strategy that safeguards the business while supporting its growth and scalability.

Skills & Experience

We don't expect prospective candidates to tick every single box here. We are committed to your professional growth and will support opportunities for further development, including certifications and hands-on experience with strategic security initiatives.

- You have experience in Governance, Risk, and Compliance, and have a keen understanding of enterprise security.
- You have directly implemented ISO 27001, maintained an ISMS and you're confident in negotiating external audits for a business.
- You're accustomed to navigating customer due diligence processes and have experience in providing timely, accurate and well rationalised responses to security questionnaires. You've ideally used this experience to streamline the process.
- You advocate for security best practices and are driven by achieving meaningful security outcomes that introduce minimal friction for internal teams.
- You balance security decisions based on risk exposure and use data-driven decision-making to implement 'defence in depth' strategies.
- You're an excellent collaborator, comfortable driving security awareness across the organisation, and experienced in 'shift left' approaches to security.
- You're proficient with IT systems such as Microsoft Entra ID, Microsoft Defender, Microsoft InTune, JAMF Pro, and AWS Security Hub, and enjoy improving security and IT systems to ensure they are effective.
- You have a solid understanding of data protection regulations like GDPR and can apply that knowledge in complex, real-world situations.
- You have applied security controls across cloud environments, IT infrastructure, and software development processes.
- You are confident in advising teams on security best practice and helping them to improve security posture.
- You have experience building and executing security strategy that aligns to business goals.
- You may hold relevant cybersecurity certifications such as Security+, CISSP, GICSP, CISM, or equivalent. Not essential.

What we offer:

We're incredibly passionate about Tumelo's culture and ways of working. We have an amazing team who care deeply about our mission. We value team well-being and strive to build a safe, healthy environment where people can bring their whole selves to work.

- Salary between £75,000 - £95,000 dependent on experience.
- Private health insurance - via Equipsme, including 24/7 private GP access, dental, optical, and mental health support.
- Generous company share scheme: We are all owners of Tumelo and beneficiaries of our collective success.
- Work From Home budget: To get you everything you need to be able to work comfortably from home.
- Great Maternity & Paternity policies: We recognise how important parental leave is to the well-being of our team. Our maternity policy offers the first 26 weeks at 100% pay, followed by Standard Maternity Pay thereafter, and our paternity policy offers six weeks at 100% pay.
- 5% employer pension contribution
- £50 per month wellness budget: Pick the benefit that works for you, whether that's a monthly gym membership, a regular massage, career coaching or a regular delivery of healthy food. There are over 1000 things to choose from!
- 33 days holiday: These include bank holidays, but you can take bank holidays off at your discretion; some of the team prefer to work those days and save the holiday for another time, and that's fine by us! You'll also get an extra day of holiday when you've been with us for 3 years!
- Flexible hours: We commit to being available to each other on Slack/email between 10am and 3pm Monday - Friday (save for lunch), but outside of these hours you can work whenever you feel most productive.
- Tumfests: The team commit to gathering together for a full day at least once per month in Bristol or an off-site location. Travel costs are covered by the business.
- Hybrid working: We encourage staff to come into the office a few times a month to encourage collaboration but we're flexible and pragmatic about this.
