The Team
The Security Team sits within the technical side of the organisation and serves security and
compliance requirements across the breadth of the business.
Tumelo maintains a strong focus on culture and the well-being of staff members, which
means you'll get to work in a team that encourages collaboration and learning new skills.
The Role
We're seeking an ambitious Senior Cyber Security Engineer to help evolve the security and
compliance function at Tumelo. This is initially a team of one but will be closely supported
by internal teams.
The role provides an exciting opportunity to mature your experience across a diverse range
of cyber security and compliance domains. Tumelo's software products support stewardship
services for some of the largest investment firms in the world and we're committed to
ensuring that security and compliance are foremost concerns.
Core Responsibilities
- Manage the ISO 27001 program, including evolving the policy framework, gathering
  control evidence, managing internal stakeholders, and maintaining the ISMS for
  successful annual audits.
- Assist in IT support, including triage of support tickets, managing IT assets/endpoint
  devices, and maintaining and evolving IT systems such as Microsoft Entra ID, Microsoft
  InTune, Microsoft Defender, JAMF Pro, and AWS Security Hub.
- Accountable for customer due diligence processes, ensuring timely responses to security
  questionnaires, and building resources to streamline the process. This requires working
  in close collaboration with internal Ops and Sales teams.
- Advocate for operational changes that promote 'shift left' in security practices,
  implementing tools that make security adoption easier while ensuring controls are
  high-impact but low-friction.
- Promote security awareness at all levels and cultivate a DevSecOps culture by
  encouraging 'Secure by Design' principles and helping teams select secure technologies.
- Monitor and respond to security logs and alerts using tools like AWS Security Hub and AWS
  GuardDuty, ensuring prompt action on vulnerabilities.
- Manage the business security posture by applying risk management practices and
  continuously improving security controls.
- Design and implement a comprehensive security strategy that safeguards the business
  while supporting its growth and scalability.
Skills & Experience
We don't expect prospective candidates to tick every single box here. We are committed to
your professional growth and will support opportunities for further development, including
certifications and hands-on experience with strategic security initiatives.
- You have experience in Governance, Risk, and Compliance, and have a keen
  understanding of enterprise security.
- You have directly implemented ISO 27001, maintained an ISMS and you're confident in
  negotiating external audits for a business.
- You're accustomed to navigating customer due diligence processes and have experience
  in providing timely, accurate and well rationalised responses to security questionnaires.
  You've ideally used this experience to streamline the process.
- You advocate for security best practices and are driven by achieving meaningful security
  outcomes that introduce minimal friction for internal teams.
- You balance security decisions based on risk exposure and use data-driven
  decision-making to implement 'defence in depth' strategies.
- You’re an excellent collaborator, comfortable driving security awareness across the
  organisation, and experienced in ‘shift left’ approaches to security.
- You’re proficient with IT systems such as Microsoft Entra ID, Microsoft Defender, Microsoft
  InTune, JAMF Pro, and AWS Security Hub, and enjoy improving security and IT systems to
  ensure they are effective.
- You have a solid understanding of data protection regulations like GDPR and can apply
  that knowledge in complex, real-world situations.
- You have applied security controls across cloud environments, IT infrastructure, and
  software development processes. You are confident in advising teams on security best
  practice and helping them to improve security posture.
- You have experience building and executing security strategy that aligns to business goals.
- You may hold relevant cybersecurity certifications such as Security+, CISSP, GICSP, CISM, or equivalent. Not essential.