At Deliveroo, it is our mission to build the definitive food company. To do that, we're building mature security capabilities that support our growth.
We are looking for an experienced Security Risk Lead with excellent stakeholder management skills to join our fast-growing Security function. You'll design and implement Deliveroo's Security Risk Framework for managing security risks, setting out appropriate governance structures and driving appropriate risk reporting. You'll manage a small team to lead the underlying activities.
You'll directly affect how Deliveroo manages its security risk across the business. As we continue to increase our security maturity, your role in driving sound risk management practices will play a major part in our story and allow us to achieve our mission.
Reporting to our Head of Security Risk Management, we are looking for you to be based one or two days per week in our River Building London office.
What you'll do:
- Manage a small team of security risk analysts
- You'll develop and manage a scalable security risk management framework, taking into account business context and relevant industry standards, regulatory requirements and stakeholder expectations
- Set out and manage a security risk acceptance process and governance structures
- Assess security risks and track exposure and remediation activities
- Produce and deliver management reporting of security risks and metrics to relevant committees and stakeholders
Requirements. You are or have:
- 7+ years experience in security risk management in a fast paced business, ideally a public technology company or in a regulated industry
- Expertise in performing security risk assessments in a cloud environment
- Previously been responsible for defining security metrics and producing security risk management reporting
- People management skills
- Comfortable having difficult risk management conversations with different stakeholders across the business in both technical/engineering and non-technical role
- Experience working with enterprise-grade integrated risk management or GRC solutions (eg OneTrust)
- Familiar with security standards such as PCI-DSS, NIST, ISO27001 and SOC2
Preferred, but not required:
- A mix of consulting and industry experience in a relevant role
- Relevant industry certifications such as CISM, CRISC, CISA or CISSP
Why Deliveroo?
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, as they want it.
We are a technology-driven company at the forefront of the most expanding industry in the world. We are still a small team, making a very large impact, looking to answer some of the most interesting questions out there. We move fast, value autonomy and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer different great benefits including health insurance, discounted medical and dental insurance, shared paternal leave and free Deliveroo Plus.
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a desire to be part of one of the fastest growing startups in an very exciting space.
