At Deliveroo, it is our mission to build the definitive food company. In order to do that, we’re building a company that is secure and protects the data and money of our customers, employees and investors.   

We are looking for an experienced, outcome-driven and hands-on Senior Security Compliance Specialist with excellent stakeholder management skills to join our fast-growing Security function. In this role you’ll be primarily responsible for designing, embedding and monitoring compliance with Deliveroo’s information security policy suite, driving compliance with industry standards and supporting internal and external audits.

This role presents a fantastic opportunity to have a meaningful impact on a business growing at a breakneck pace. You’ll work directly with stakeholders across Deliveroo to drive higher security maturity and play a major part in our growth journey.

What you’ll be doing. You will:

  • Develop, update and embed information security policies, standards and guidance in collaboration with business stakeholders
  • Drive and maintain compliance with industry standards such as PCI-DSS, ISO27001 and SOC2
  • Coordinate information security responses and liaise with internal and external audit, and other key stakeholders 
  • Create and manage a security policy exception process and relevant governance structures
  • Assess compliance against policies, track risk exposure and remediation activities, and lead the implementation of a continuous compliance approach 
  • Produce and deliver management reporting on policy compliance and metrics to relevant committees and stakeholders
  • Organise relevant security policy awareness and training

Requirements. You are or have:

  • Experience in security compliance or audit in a fast paced business, ideally a public technology company or in a regulated industry
  • Previously defined information policies, processes and procedures
  • Performed policy compliance assessments in a cloud environment
  • Experience achieving and maintaining compliance with security standards such as PCI-DSS, NIST, ISO27001 and SOC2
  • Previously been responsible for defining security metrics and producing reporting
  • Comfortable engaging collaboratively with different stakeholders across the business in both technical/engineering and non-technical role, and building strong relationships

Preferred, but not required:

  • A mix of consulting and industry experience in a relevant role
  • Relevant industry certifications such as CISM, CRISC, CISA, CISSP 

Why Deliveroo?

Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.

We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.

Workplace & Diversity

At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth and relocation.

We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.

Apply for this Job

* Required


Voluntary Demographic Survey (UK)

These questions are voluntary, and help us understand more about our candidates. One of our core values at Deliveroo is We celebrate difference, and we are always working to make sure our hiring processes are equitable and inclusive. By answering the questions below, you'll help us do that.

Your responses are confidential, cannot be tied to your application, and has no bearing on your candidacy. We only use aggregated demographic data to measure the performance of recruiting efforts.

How would you describe your gender identity? (Select one)

What is your sexual orientation? (Select one)

Would you say you have a disability? (Select one)

How would your describe your ethnicity? (Select one)