Job Title:
Information Security Principal
About the Role:
We are seeking a highly skilled Information Security Principal to join our Technology Governance department. As a key member of our team, you will be responsible for implementing and maintaining our organisation's ISMS in line with ISO27001, NIST, CIS, and global security/privacy strategy.
You will work closely with our Global Head of Security and Privacy to identify and address risks, assess and guide security controls across AWS, MS Azure, and GCP, ensuring security by design. Your responsibilities will also include coordinating local incident response and supporting global investigations under the follow-the-sun model.
You will maintain and test incident response plans, lead post-incident reviews and remediation, and ensure compliance with security/privacy requirements, regulations, and standards, while supporting audits and third-party risk assessments. You will also promote a positive security culture and deliver role-specific awareness training.
You will act as a trusted advisor to senior stakeholders and integrate security into business processes. You will monitor emerging threats, vulnerabilities, and trends, and adjust security posture proactively. You will also recommend and implement continuous improvements to tools, processes, and technologies, while contributing to global initiatives.
This is an exciting opportunity to work with a global leader in education technology, driving innovation and excellence in security practices. We want to hear from you if you have experience in managing projects and information security programmes; strong knowledge of ISMS frameworks (ISO27001, NIST CSF) and regulatory requirements (UK GDPR, Australian Privacy Principles); hands-on expertise with cloud platforms and cloud security posture management; proficiency with security tooling (SAST, DAST, DevSecOps, Secrets Management, Dependency Tracking); experience in vulnerability management, penetration testing, and incident response; a background in disaster recovery and business continuity planning; the ability to communicate security, risk, and compliance effectively to senior and non-technical stakeholders; skill in developing security policies, procedures, standards, and awareness training; in-depth knowledge of risk management, compliance, and cloud security practices; and the ability to work within a global team.