Security Risk Management Lead
At Deliveroo, it is our mission to build the definitive food company. In order to do that, we’re building a company that is secure and protects the data and money of our customers, employees and investors.
We are looking for an experienced and outcome-driven Security Risk Management Lead with excellent stakeholder management skills to join our fast-growing Security function. In this role you’ll be primarily responsible for designing and embedding Deliveroo’s framework for managing security risks, developing a security policy suite and setting out appropriate governance structures. You’ll build and manage a small team to drive the underlying activities.
This role presents a superb opportunity to have an outsized impact on the trajectory of a business that is growing at a breakneck pace. You’ll directly impact how Deliveroo manages its security risk across the business. As we continue to increase our security maturity, your role in driving sound risk management practices will play a major part in our story.
What you’ll be doing. You will:
- Build and manage a small team of security risk analysts
- Design, embed and manage a scalable security risk management framework, taking into account business context and relevant industry standards, regulatory requirements and stakeholder expectations
- Develop and update security policies, standards and guidance in collaboration with business stakeholders
- Create and manage a security risk acceptance process and relevant governance structures
- Assess security risks and track exposure and remediation activities
- Produce and deliver management reporting of security risks and metrics to relevant committees and stakeholders
- Drive and maintain compliance with industry standards such as PCI-DSS, ISO27001 and SOC2
- Organise relevant security awareness training
Requirements. You are or have:
- Significant experience in security risk management in a fast-paced business, ideally a public technology company or in a regulated industry
- Previously defined policies, processes and procedures for managing security risk
- Expertise in performing security risk assessments in a cloud environment
- Previously been responsible for defining security metrics and producing security risk management reporting
- Good people management skills
- Comfortable having difficult risk management conversations with different stakeholders across the business in both technical/engineering and non-technical roles
- Experience working with enterprise-grade integrated risk management or GRC solutions (e.g. OneTrust)
- Familiar with security standards such as PCI-DSS, NIST, ISO27001 and SOC2
Preferred, but not required:
- A mix of consulting and industry experience in a relevant role
- Relevant industry certifications such as CISM, CRISC, CISA, CISSP
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth and relocation.
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.