We are looking for a Senior Cyber Security Specialist. In this role, you won't just be 'maintaining the system' – you will be the architect of our ISO 27001 framework and the person who sets the direction. We need someone who understands that security is more than just technology; it’s about finding the right balance between protection and keeping the business moving. You will have the authority to make real decisions, from selecting tools to assessing key suppliers. If you have the courage to say 'no' when it matters, but the insight to offer a 'how we can' solution, you’ll fit right in. This is a role for someone who wants to lead, influence the entire organization, and build a security culture from the ground up.

Who are we?

At Verne, we're building an ecosystem to progress our society through a journey of curiosity and innovation. Named in honor of Jules Verne "the man who invented the future,". We are the first European solution for autonomous journeys. We adopt an integrated approach, including vehicle design, infrastructure development, and the full digital experience.

As a growing startup, we thrive on curiosity, innovation, and bold ideas. If you’re ready to make your mark in a fast-paced, dynamic environment, this could be the role for you.

What will you do?

Regular tasks

·      Risk Assessment: Conduct regular risk assessments for internal processes, IT systems, and new business initiatives.

·      Business Request Validation & Approval: Evaluate and approve business and project requests from a security perspective, ensuring that new initiatives align with our risk appetite and security standards.

·      Endpoint Protection (EDR): Manage and oversee our EDR solution (CrowdStrike Falcon), ensuring optimal configuration, monitoring, and response capabilities.

·      Azure Security Management: Monitor and strengthen our cloud security posture within Azure, managing security groups, identity, and cloud-specific threats.

·      Threat Intelligence & Monitoring: Analyze the cyber threat landscape to proactively protect the organization from emerging risks.

·      Vulnerability & Penetration Testing: Orchestrate regular scans and penetration tests, prioritizing findings and managing remediation plans.

·      Internal Audits & Compliance: Conduct regular internal audits to ensure ongoing alignment with ISO 27001 controls.

·      Supplier & Third-Party Risk: Perform security assessments of suppliers to ensure third-party risks are managed throughout the contract lifecycle.

·      Incident Response Leadership: Lead incident response planning and act as the senior escalation point for security investigations.

Responsibilities

·      ISMS Management: Lead the maintenance and continuous improvement of the ISO 27001 Information Security Management System.

·      Security Governance: Define and enforce security policies, ensuring alignment with both regulatory requirements and business objectives.

·      Strategic Decision-Making: Exercise authority over the selection, implementation, and management of security tools and services.

·      Risk Management Leadership: Oversee the entire security risk management lifecycle, ensuring risks are identified, assessed, and treated in line with business appetite.

·      Stakeholder Influence: Act as the primary advisor on security topics, providing expert opinions to leadership and business units.

·      External Expert Management: Lead and coordinate the work of external consultants, auditors, and subject matter experts.

What do you need to succeed?

·  Risk Management Experience: Practical experience in identifying, evaluating, and mitigating information security risks.

·      Technical Proficiency: Hands-on experience with CrowdStrike Falcon (or similar EDR platforms) and Azure Security services.

·      ISO 27001 Knowledge: Solid understanding of the ISO 27001 standard and how to apply its controls in a practical business environment.

·      Strategic Mindset: Ability to align security initiatives with business goals and think long-term about organizational resilience.

·      Communication Excellence: Exceptional verbal and written English, with a focus on translating technical risks into business impact.

·      Decision-Making Courage: The confidence to stand your ground with logical arguments, combined with the pragmatism to find "how-to" solutions.

·      Bachelor’s degree in Computer Science or a related field.

·      Experience: Minimum of 5+ years in Cyber Security, with a track record of success in dynamic and complex environments.

·      Certifications (Optional): Possession of certifications such as CISM, CISSP, or ISO 27001 Lead Implementer/Auditor is considered a strong advantage but is not a mandatory requirement.

What’s in it for you?

Joining Verne means becoming part of a team shaping the future of autonomous mobility. Here’s what we offer:

• The chance to collaborate with experts from 20+ industries.

• Ownership of your projects, with the freedom to innovate and take initiative.

• A culture of transparency, feedback, and open communication.

• Comprehensive financial and wellbeing support designed to meet diverse needs.

• The excitement of working in a fast-growing startup where your ideas truly matter.

How can you apply?

If this role and our mission resonate with you, hit the Apply button! We typically review applications within 3-4 business days, but since we want to give each one the attention it deserves, please allow a little extra time if needed. Once we've had a chance to fully evaluate your submission, we’ll reach out with details about the next steps.

If shortlisted, here’s what to expect:

1. An initial HR interview focused on culture fit.

2. A technical interview with the Hiring Manager.

3. A final interview with C-level.

Not sure if this role is the right fit?

We’re always looking for creators who challenge the status quo and aren’t afraid to take the lead. If that’s you, explore our story - we might have other opportunities that spark your interest.

Verne (Project 3 Mobility) is a company comprised of people with different qualities and backgrounds, because we believe our differences make us stronger. That is why we evaluate qualified applicants fairly and equally, without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status, and other legally protected characteristics. All applications will be considered in accordance with the regulations of personal data protection.