ABOUT TOSCA
Tosca is a global leader in reusable packaging and pooling solutions that service the supply chain end to end. Re-use is the key word as Tosca facilitates moving away from single use packaging towards a circular model of reusable packaging with its robust portfolio of plastic containers, pallets, bins, crates and more. We focus on optimizing the flow of perishables, eliminating waste at every turn – product, packaging, labor and transportation waste. Our reusable plastic products improve the quality of product delivered, create more efficient supply chains, and are more sustainable than single-use packaging.
To strengthen our IT-department at our office in Dudley (UK), we are currently recruiting a driven Cybersecurity & Compliance Manager.
Position purpose
The Cybersecurity & Compliance Manager will lead Tosca's cybersecurity and compliance efforts, ensuring adherence to NIST CFS 2.0, ISO 27001, and other relevant standards. This critical role ensures Tosca’s cyber readiness through the development of security protocols, meticulous documentation maintenance, risk assessments, and strict compliance with regulations. Key responsibilities include monitoring and managing security infrastructure, defining and implementing security policies, managing incident response processes, and promoting cybersecurity awareness across the organization. This global position involves close collaboration with Global IT colleagues, various functions, and third-party partners to integrate security measures seamlessly. Key focus areas include cybersecurity, compliance, and enhancing the user experience while advocating for resilient security within budget constraints. Skills and qualifications required for this role include proven experience in cybersecurity and compliance management, strong understanding of NIST CFS 2.0, ISO 27001 standards, excellent risk assessment and management skills, ability to develop and maintain security protocols and documentation, and effective communication and collaboration skills.
This is a full-time role based in Dudley, UK, with travel up to 30% of the time.
Responsibilities
* Implement security protocols and manage information security programs
* Report performance, exceptions, and outages to all audiences transparently.
* Align disaster recovery with business continuity plans.
* Ensure compliance with ISO27001, NIST CFS 2.0, and maintain ISMS.
* Identify risks, develop a comprehensive security plan.
* Test cyber-attacks regularly to address vulnerabilities.
* Monitor security trends, adapt strategies.
* Oversee incident monitoring, detection, response via SOC and MSSPs.
* Manage security tools like SIEM and endpoint protection.
* Lead incident response and post-incident analysis.
* Enforce policies for data privacy (GDPR & NIST).
* Conduct regular security audits.
* Manage vendor relationships and negotiate contracts.
* Report service performance to stakeholders.
* Coordinate with other Tosca functions for effective implementation.
* Other relevant responsibilities as required.
Requirements, Experience & Education
* Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field; a Master's degree is preferred.
* At least 7-10 years of experience in information security, specifically within security operations, with proven experience in a leadership or management role.
* Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly desirable.
* Strong knowledge of security frameworks (e.g., ISO 27001, COBIT), security technologies, tools, and best practices across EU, UK, and USA
* Proficiency in risk management processes, vulnerability assessments, and incident response strategies.
* Current technical and hands-on experience with security tools and technologies, including Rapid7, Rubrik, Sentinel, and endpoint protection solutions like Microsoft Defender.
* Excellent analytical, problem-solving, and decision-making skills, with the ability to conduct post-incident analysis and implement corrective actions.
* Strong communication and interpersonal skills, capable of working effectively with diverse teams and stakeholders.
* Ability to stay current with security trends, emerging threats, and best practices in the cybersecurity landscape.
* Experience of manufacturing and/or supply chain industry is preferred.
* Able to operate in a multinational corporation with several locations.
Competencies
* You have expertise within Customer/Relationship Management.
* You have excellent communication skills. You excel in conveying ideas clearly and effectively.
* You possess specialized knowledge and skills in your field.
* You have a collaborative spirit. You thrive in teamwork and enjoy working with others.
* You can analyze situations and make informed decisions
* You think ahead and plan for long-term success.
Our Offer
You will have a permanent contract with a competitive remuneration package in line with your knowledge and experience.
We continuously invest in your personal and professional development through our training & coaching programs.
You will join a dynamic and fast growing company that is part of a strong international group. We take pride in our green service and encourage our employees to participate in our growth and help us co-define the path to success. You will work in a fun environment with a supportive team that cares about each other and encourages collaboration at all levels.
Interested?
We cultivate a tight-knit team of smart people who care about their work and their colleagues. We believe this is a really exciting opportunity for someone who is up for a fast-paced challenge and is eager to become an integral member of our team.
Send us your CV and your letter of motivation in English. We’re looking forward to meeting you!
We value diversity and equal opportunity. Applicants are welcomed on the basis of their individual merits as we do not discriminate on the grounds of age, sex, disability, ethnic or racial origin, religion or belief, or sexual orientation. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us.
External recruitment services/agencies will not be used for this position.