Security Risk Specialist (L4)
At Deliveroo, it is our mission to build the definitive food company. In order to do that, we’re building a company that is secure and protects the data and money of our customers, employees and investors.
We are looking for a pragmatic and motivated Security Risk Specialist with a solid understanding of security risk management and desire for growth to join our Security function. In this role you’ll be primarily responsible for supporting the design and implementation of Deliveroo’s framework for managing security risks.
Reporting to the Security Risk Management Lead, this hands-on role will be working on a wide variety of security risk management projects and activities in support of the risk management strategy. You’ll directly influence how Deliveroo manages its security risk and engage with a variety of stakeholders across the business to drive higher maturity.
What you’ll be doing. You will:
- Support the design and implementation of a scalable security risk management framework, which takes into account business context and relevant industry standards, regulatory requirements and stakeholder expectations
- Work to deliver the security risk management roadmap and underlying projects and activities
- Assess security risks and track exposure and remediation activities
- Collaborate with diverse teams across the business to implement risk management processes and provide advice on risks and controls
- Facilitate the security risk acceptance process and relevant governance structures
- Contribute to management reporting of security risks and metrics to relevant committees and stakeholders
- Support security awareness training
Requirements. You are or have:
- Experience in security risk management in a fast paced business, ideally a public technology company or in a regulated industry
- Supported and contributed to processes and procedures for managing security risk
- Expertise in performing security risk assessments in a cloud environment
- Understanding of the technologies and processes used by modern agile businesses
- Familiar with security metrics and security risk management reporting
- Comfortable having discussing security risks with different stakeholders across the business in both technical/engineering and non-technical role
- Familiar with security standards such as PCI-DSS, NIST, ISO27001 and SOC2
Preferred, but not required:
- A mix of consulting and industry experience in a relevant role
- Experience working with enterprise-grade integrated risk management or GRC solutions (eg OneTrust)
- Relevant industry certifications such as CISM, CRISC, CISA, CISSP
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth and relocation.
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.