HICX

Information Security Manager

HICX  •  Bucharest, RO (Remote)  •  3 hours ago

Job Description

HICX is a leading worldwide provider of enterprise SaaS solutions for digital supplier management. HICX helps Global 5000 companies to organize and manage their supplier data.

The HICX Supplier Management platform enables businesses with thousands of suppliers to efficiently on-board and manage the end-to-end lifecycle of all suppliers, and to find, re-use and maintain supplier data and information across any spreadsheet, app or system. High quality supplier data is essential to digital transformation and the key to becoming the customer of choice for all suppliers. Some of the world’s largest companies, in a wide range of industries, trust HICX for the management of their supplier data; these include Unilever, Lenovo, Mars, Mondelez, Baker Hughes and EDF Energy.

We are hiring for an Information Security Manager to manage our internal IT function, reporting to the CFO, or such other person as the Company may appoint from time to time.

Requirements

Security Strategy & Compliance

  • Set up and drive the overall information security strategy.
  • Own the ISMS standards and their adoption, ensuring compliance with company and external requirements including SOC 2 and ISO 27001.
  • Organise and manage ISMS-related scheduled activities and drive continuous improvement of the ISMS.
  • Contribute to security architecture and design decisions.
  • Oversee security tooling such as EDR, SIEM, MFA, password managers, device management, and access review processes.

Incident & Escalation Management

  • Act as the primary escalation point, during and outside business hours, for all major security-related incidents and events (as set out in the Out-of-Hours Major Security Incident process).
  • Coordinate and manage corrective actions and responses to security incidents.


Governance, Risk & Audit

  • Own security documentation, including policies, standards, exceptions, risk registers, and control evidence.
  • Oversee the internal risk-assessment and audit programme, supporting internal and external audits, remediating findings, and tracking control improvements to closure.
  • Support vendor and supplier risk management, including due diligence, sub-processor oversight, and security assessments.
  • Own the access control process, and validate and audit access across divisions and functions.
  • Provide management reporting on risk posture, incidents, audit status, metrics, service trends, and improvement plans.
  • Work with engineering, DevOps, HR, and customer-facing teams to embed controls into everyday processes.
  • Drive ongoing security governance improvements.


Data Privacy

  • Address data privacy and data protection concerns, and manage responses to customer data privacy requests.
  • Act as Data Protection Officer (DPO) for the organisation if and as required.


Policy, Awareness & Customer Assurance

  • Help enforce security policies, building adoption, embedding them in the company culture, and introducing regular checks on departmental compliance.
  • Own and deliver security awareness training and campaigns to strengthen the security culture.
  • Complete security-related sections of RFPs and customer questionnaires, build and maintain a security knowledge base, and provide assurance of the integrity, confidentiality, and availability of information owned, controlled, and processed by the organisation.
  • Attend meetings with customers and prospects to provide insights into how HICX implements security across the organization.

Internal IT & Operations

  • Manage a small team of IT support admins providing internal IT support to HICX employees and contractors.
  • Act as the escalation point for complex IT issues, incidents, and problems requiring cross-team coordination.
  • Ensure IT support activities align with security controls, access management, and acceptable use requirements.
  • Oversee onboarding, offboarding, account lifecycle management, and device provisioning/deprovisioning.
  • Own and maintain standard operating procedures and the operations platform.
  • Help balance usability, cost, and security when selecting or renewing SaaS and IT tools.
  • Carry out other reasonable duties as required by the Company.

Desired Skills and Experience: 

  • Excellent track record of leading security audits: ISO 27001, SOC 2, Cyber Essentials Plus.
  • Proven experience in a senior information security leadership role (Head of Security, Information Security Manager, or similar), ideally within a SaaS or technology business.
  • Demonstrable experience building, operating, and maturing an ISMS, including achieving and maintaining SOC 2 and ISO 27001 certification.
  • Strong, hands-on knowledge of security tooling and controls: EDR, SIEM, MFA, identity and access management, device/endpoint management, and vulnerability management.
  • Solid understanding of cloud security (AWS, Azure, and Microsoft 365 admin suite).
  • Experience leading end-to-end security incident response, including out-of-hours management of major incidents.
  • Knowledge of UK GDPR/GDPR and global data protection laws, with experience acting as, or working closely with, a Data Protection Officer.
  • Experience of third-party, vendor, and supplier risk management, including due diligence and sub-processor oversight.
  • Experience completing customer security questionnaires and RFPs, maintaining a security knowledge base, and presenting security posture to customers and prospects.
  • Excellent communication skills, with the ability to translate technical risk into clear business language for technical and non-technical audiences, including executives and customers.
  • Strong leadership and people-management skills, with a track record of developing and motivating a small team.
  • Pragmatic, risk-based mindset that balances security with business enablement, usability, and cost.
  • Highly organised, self-motivated, and comfortable working autonomously within a fully remote, international team.
  • Collaborative and influential, able to embed a strong security culture across the whole organisation.
  • Relevant professional certification is desirable (e.g. CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor).
  • Experience managing internal IT operations and a small IT support team, onboarding/offboarding, account lifecycle, device provisioning, and SaaS administration is desirable.

Benefits

ROW (Rest of the world):

  • You must be based in Bucharest, Romania for this role; however, you can work remotely from this location.
  • Flexible PTO - We offer 25 days of paid holiday per year + 3 Public Holidays.
  • We celebrate special occasions with you - like your birthday! Additional PTO for all employees during their birthdays.
  • Receive Competitive Pay - Our team makes sure to provide a highly competitive rate based on your skills and location.
  • Work with a diverse, international team.

HICX collects and processes personal data in accordance with applicable data protection laws. If you are a European Job Applicant see the privacy notice for further details.

HICX does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.

About HICX

HICX enables Global 5000 companies to take control of their supplier data, workflows, and relationships at scale.

The HICX Supplier Management Platform helps global businesses orchestrate supplier operations across multiple functions and teams, supporting every stage of the supplier lifecycle for 100% of suppliers. Built on a no-code, low-code architecture, the platform provides a single source of truth with a single-entry point for all supplier-related activities, enforces governance through a centralized data model, and integrates seamlessly with existing systems.

By eliminating bad data and resolving process fragmentation, HICX enables enterprises to reduce supplier-related risk and cost; ensure compliance; drive supplier engagement and performance; and unlock the full potential of digital transformation and resilience. Some of the world’s most respected brands, including Baker Hughes, Mondelez, Autonation, and BAE Systems, rely on HICX to deliver high-quality supplier data and better experiences for all their suppliers, ensuring they become customers-of-choice in return.

Industry: IT & Software
Company Size: 51-200 employees
Headquarters: London, GB
Year Founded: 2004
Website: hicx.com