Rodeo
ResourcesPartnersSign in

Linnworks

Information Security Project Manager

Tallinn
Posted about 21 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Information Security Project Manager

Reports to: Director of Technical Operations

Location: UK / Estonia / US (remote-friendly within these regions)

Role purpose

The Information Security Project Manager is responsible for coordinating and driving the company’s information security activities in a pragmatic, commercially aware way. This role exists to manage security-related projects, audits, and customer security interactions so that we stay compliant and credible without blocking sensible business decisions or over-engineering controls.

Scope and context

This role sits within the technology function and partners closely with Technical Operations, Engineering, Product, Legal, and Sales. The focus is on governance, coordination, and communication, not on dictating policy in isolation or acting as the final decision-maker on security matters. Final risk and tooling decisions sit with the Director of Technical Operations and the broader leadership team; the Information Security Project Manager’s job is to provide clear input, well-reasoned recommendations, and organised execution. We are a growing SaaS business without PCI, PHI, or highly sensitive PII in scope, and we are not subject to HIPAA or classified/secret information regime – our security approach should be proportionate: strong, credible, and well-documented, but not theatrical or unnecessarily restrictive.

Key responsibilities

ISO 27001 and internal audits

  • Plan, coordinate, and execute internal audits and control reviews against ISO 27001 (and related frameworks where relevant).
  • Maintain audit schedules, evidence repositories, and action logs so that we are consistently “audit ready” rather than scrambling before assessments.
  • Work with control owners across the business to ensure that required processes are in place, understood, and operating in a pragmatic way.
  • Track findings and remediation actions, ensuring owners are clear on what needs to be done and by when, and following up to completion.
  • Support external ISO 27001 surveillance and recertification audits, including planning, evidence collation, and managing auditor queries.

Security projects and initiatives

  • Coordinate discrete security improvement projects (for example, rolling out new security tooling, tightening access controls, or updating key policies).
  • Break down security initiatives into clear tasks, owners, and timelines, and keep stakeholders informed on progress and risks.
  • Work with Technical Operations and Engineering to ensure technical changes are understood, documented, and reflected in our security posture.
  • Help prioritise security work by articulating risk, impact, and effort, while understanding the wider commercial and delivery context.

Customer security, RFPs and RFQs

  • Partner with Sales, Pre-Sales, and Customer Success to respond to customer security questionnaires, RFPs, RFQs, and due diligence requests.
  • Maintain and continuously improve a central library of standard security responses and artefacts (for example, summaries of our controls, certifications, and processes).
  • Coordinate input from Technical Operations, Engineering, and Legal where deeper technical or contractual responses are required.
  • Attend customer calls when needed to explain our security posture in clear, non-alarmist language and build confidence in our approach.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Security information and communication

  • Develop and maintain a clear, concise view of our security posture that can be communicated internally and to customers (for example, how we handle data, access, monitoring, and incident response at a high level).
  • Ensure that key facts (such as use of encryption at rest and in transit, SSO capabilities, backup approaches, and incident processes) are understood and kept up to date, even if technical details are owned by others.
  • Translate technical explanations from engineers into language suitable for non-technical audiences, including customers and internal stakeholders.
  • Help ensure that security-related messages are proportionate, avoiding both complacency and unnecessary drama.

Policies, standards, and pragmatic governance

  • Maintain a focused, manageable set of security policies and procedures that reflect how we actually operate.
  • Work with policy owners to keep documents current, usable, and aligned to ISO 27001 and customer expectations, avoiding policy sprawl and unnecessary complexity.
  • Coordinate periodic reviews of key policies and standards, ensuring changes are communicated and understood.
  • Provide recommendations to the Director of Technical Operations on improvements to policies, controls, or tooling, with clear reasoning and trade-offs.

What this role is not

  • This is not a “head of security” or ultimate decision-maker role; final go/no-go and tooling decisions sit with the Director of Technical Operations and leadership.
  • This is not a role for writing endless policies or blocking change; it is about enabling sensible decisions with good information and structured follow-through.
  • This is not a hands-on security engineering or development role, though you will need enough technical understanding to ask good questions and interpret answers.
  • This is not an internal “police” function; success is based on collaboration, influence, and clarity, not on authority.

What You'll Bring To The Role

We’re looking for someone who brings most of the following:

  • 3–5 years of experience in information security, compliance, risk, or IT audit within a SaaS or technology environment.
  • Hands-on experience with ISO 27001 (or similar frameworks), including audits, evidence collection, and remediation tracking.
  • Solid project management skills — planning, tracking progress, managing stakeholders, and communicating clearly.
  • Working knowledge of core security concepts such as encryption (at rest/in transit), access control, SSO/identity providers, backup and recovery, logging, and incident response — enough to discuss confidently and know when to bring in a specialist.
  • Comfortable engaging directly with customers and auditors, answering questions calmly and credibly.
  • Strong writing skills for policies, reports, and customer communications, paired with clear verbal communication across technical and non-technical audiences.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Personal qualities

  • Pragmatic and commercially aware: able to distinguish between theoretical risk and real-world impact.
  • Collaborative, working with teams to find workable solutions rather than simply saying “no”.
  • Organised and methodical, keeping track of multiple audits, projects, and requests without dropping details.
  • Calm and credible under pressure, especially during audits, customer escalations, or security-related incidents.
  • Comfortable asking questions, challenging assumptions, and highlighting risk while still respecting broader business priorities.

Why this role matters

Done well, this role gives the business confidence that our security posture is robust, evidenced, and well-articulated, without turning security into a blocker for growth. It ensures we meet our obligations to customers and auditors, support sales with clear and honest answers, and make security improvements in a deliberate, organised, and commercially sensible way.

Why us?

Perks & Benefits

  • Remote & flexible working – with hybrid options in London or Chichester
  • Fantastic team culture based on trust and belonging.
  • Laptop & home office budget – 500 EUR to set up your ideal workspace.
  • Private Medical Insurance with Aviva, including Dental & Optical.
  • Group Life Insurance & Yulife Wellbeing & Rewards.
  • Mental well-being support – Access therapy, mental health sessions, and yoga through a free premium subscription to Headspace.
  • EAP confidential benefit – 24/7 access to compassionate guidance & expert advice
  • 25 days holiday + bank holidays
  • Training, support, and personal development

About us

As the global leader in the eCommerce automation sector, Linnworks has one mission: Giving our clients back their time to grow and lead their brands. Companies wanting to sell their products via marketplaces like Amazon, eBay, Facebook, etc need a platform to automate and monitor retail, inventory and shipping processes and performance. We have teams across North America and Europe, and we are backed by Marlin Equity Partners, a leading growth equity firm headquartered out of California. Linnworks not only has the market-leading product for e-commerce automation but also attracts the best people in the industry. Highly skilled, passionate, and collaborative with a winning and customer-centric attitude - we pride ourselves on our people.

Life at Linnworks:

Linnworks is proud to be an Equal Opportunity Employer (EoE). We believe that diversity of experience, perspectives, and background leads to a better environment for our employees and better service for our customers. We value the training and development of our employees deeply. We are committed to continuous investment in their personal growth, providing clear paths for career progression, and equipping them with the tools and training required to become experts in their profession.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

ISO 27001
Information Security
Project Management
IT Audit
Compliance
Risk Management
Stakeholder Management
Technical Writing
Customer Security Questionnaires
Governance
Access Control
Encryption
SSO
Incident Response
SaaS Security
RFP/RFQ Response

Location

Tallinn, Estonia

Sign up to applySee more jobs like this