Information Security Officer

Information Security Officer

• Full time; reporting to SVP Information Security
• Remote/Hybrid UK based (HQ in Central London with Global Responsibilities and expected to visit the office for team meetings and in-person meetings when required)
• UK Right to work required (No visa sponsorship provided) 
• £52k - up to £62k + annual bonus
• Company Benefits

Description

For far too long, pensions have been difficult to understand and manage. Founded in 2014, we aspire to make as many people as possible pension confident so that everyone can enjoy a happy retirement.

PensionBee is creating a global leader in the consumer retirement market with over £5.5 billion in assets on behalf of more than 260,000 customers. We help our customers to combine their retirement savings into a new online account, which they can manage from the palm of their hand.

PensionBee accounts are invested by the world’s largest investment managers, collectively looking after more than $10 trillion in savings between them. Each PensionBee customer has a personal account manager (“BeeKeeper”) to guide them through their savings and retirement journey. PensionBee has an “Excellent” Trustpilot rating based on over 10,000 reviews.

As a public company, we aspire to the highest standards in everything we do because our customers deserve peace of mind. Our team of over 200 pension professionals, based in London and New York, has one focus: our customer.

PensionBee is named in FT1000 Europe’s ‘Fastest Growing Companies in 2023 and 2024’ and is listed on the London Stock Exchange (LON: PBEE).

PensionBee is growing at scale and we are seeking a highly skilled Information Security Officer to support our global Information Security and data compliance initiatives. This role will be integral to our Information Security and IT Operations Team, ensuring adherence to cybersecurity frameworks, data protection regulations in both the UK & US, and best practices across multiple jurisdictions.

About the role

We are looking for an Information Security Officer who not only understands security frameworks, standards and best practices but can also simplify and unify complex IT, Information Security, and Data Privacy processes to enhance adoption across the business. The ideal candidate will work closely with various teams to implement security measures that are both effective and easy to integrate, ensuring that security and compliance are embedded into daily operations without unnecessary complexity.

This role requires someone with exposure to ISO 27001, NIST, GDPR, UK Data Protection Act, US cybersecurity regulations, and data privacy and governance frameworks, particularly in a Cloud SaaS environment. You will be responsible for streamlining security processes, helping teams onboard new systems securely, and automating workflows where possible to improve efficiency.

This is a UK-based role, but as we operate globally, flexibility to collaborate across different time zones may be required.

Hiring Process 

1. Include a Cover Letter with your CV describing:
   1. What motivates you to apply for this role at PensionBee, and what draws you to the company specifically? 

Please note - applications without a Cover Letter will not be shortlisted to the next stage.

1. Shortlisted candidates will be selected for a structured 1hr interview
2. Final stage interview will consist of a series of questions and the candidate will be given a task to complete in advance of the interview which they will be expected to present to the interview panel

Additional information about the structured interview;

• behavioural/competency interviews
• questions are pre-determined to keep things consistent

Requirements

Key responsibilities

Information & Cybersecurity Frameworks

• Act as a trusted advisor for information security across the business.
• Ensure ongoing compliance with ISO 27001, Cyber Essentials Plus, and other relevant certifications through monitoring and reporting.
• Continuously assess and enhance security controls in response to evolving risks and business operations.
• Work cross-functionally to embed security best practices, promoting a "Shift-Left" and 
• "Secure-By-Design" mindset.
• Conduct risk assessments and vulnerability analyses to proactively identify and address potential threats.

Data Protection, Privacy & Governance Compliance

• Develop and enforce policies and processes to ensure compliance with UK GDPR, US data protection laws, and global privacy standards.
• Monitor regulatory changes and adapt internal processes accordingly.
• Conduct Data Privacy Impact Assessments (DPIAs) and compliance audits.
• Support the VP of Data, Platforms & AI; in developing data governance policies and standards, including data catalog management.
• Provide security and compliance guidance for data governance initiatives.

Process Simplification, Automation & Continuous Improvement

• Work with business teams to simplify and automate security and data privacy processes to improve usability and compliance. An example of some of the process improvements you will be involved in are: Access Control Review & Recertification, Ongoing Vulnerability scanning embedded into Secure Software Development Lifecycle (SSDLC), Streamline GDPR processes in relation to Subject Access Requests and deletion etc. The vision is to implement or onboard new capability to automate these processes.
• Assist with the secure onboarding of new systems and capabilities while ensuring compliance with security frameworks.
• Participate in internal and external audits to assess security and compliance effectiveness.
• Collaborate with stakeholders to address audit findings and implement corrective actions.

Training & Awareness

• Work with the Junior Information Security Analyst to help develop and deliver engaging security awareness training to enhance employee understanding of data protection and cybersecurity best practices.
• Stay informed about emerging threats and evolving security technologies to continuously refine security policies and training.

Candidate Experience & Skills

• 5+ years of experience in Information Security, Cybersecurity, or Data Privacy, with a solid foundation in IT Operations & Infrastructure.
• Previous exposure to Frameworks and Standards such as ISO 27001, NIST, GDPR, UK Data Protection Act, US cybersecurity regulations, and data governance frameworks.
• Experience working in an Agile development environment.
• Proven ability to simplify and automate complex security and compliance processes for broader adoption across the business.
• Hands-on experience working in Cloud SaaS environments, implementing cloud security best practices.
• Exposure to IT risk management and security control implementation.
• Knowledge of network security, cloud security, and security operations.
• Experience with Data Loss Prevention (DLP) controls to protect sensitive information.
• Strong analytical, problem-solving, and communication skills, with the ability to explain security concepts to both technical and non-technical audiences.
• Experience working in a global security environment, with the ability to collaborate across multiple time zones.
• Clear written and spoken English.
• Experience in a regulated environment is a plus but not essential.

Benefits

We welcome all candidates and are proud to have been awarded Employer of the Year at the Financial Adviser Diversity in Finance Awards 2022 and Trailblazing Company of the Year 2024. 

We know the need to meet every criteria can sometimes get in the way of meeting brilliant candidates. We believe the right drive is often more important than degrees, so if you have an interest in the role, relevant past experience and are passionate about what we do, get in touch as we'd love to hear from you. 

Additionally, it’s not just about paying lip service but monthly celebrations of our differences and opportunities to learn more about our colleagues and friends; from our discussion on men’s mental health to our Pride Picnic. At PensionBee we're committed to provide equal rights, opportunities and treatment for all. We believe all companies have a duty to provide a supportive working environment for their employees and should be transparent. Here you can find ourGender Equality policyandDiversity and Inclusion policywhich provide more information on our approach, including our commitments to flexible working requests and reasonable adjustments from day one. 

We want everyone to be able to access the same opportunity, and some people might need extra support to have this access. If there’s an adjustment we can make that would help you perform to the best of your ability during the application process, like using a computer during a task instead of writing by hand, or booking in time for a longer interview, please reach out to our Training & Culture Manager and we kindly ask you to only contact Emma related to reasonable adjustments enquiries. You can contact Emma on . 

Benefits

• end of year bonus and generous equity schemes;

●      remote working enabled environment and culture;

●      25 days annual leave, 5 extra days for people with caring responsibilities and additional leave days for people living with a disability;

●      generous and transparent gender inclusiveParental Leave policy; 

●      pension scheme with 5% matching employer contribution;

●      UK Healthcare Cash Plan, Thrive, SmartHealth Virtual GP, Income Protection Insurance and Enjoy Benefits;

●      regular company-wide sessions: CEO Session, Show & Tell and varied D&I agenda; giving you an opportunity to share your ideas and learn about other areas of the business;

●      a  Happiness! meeting: Every 6 weeks you will have the chance to speak with your manager about your well-being; and 

●      a warm and motivated team working to make a real difference for our customers.