Security Risk and Policy Lead

Job Description

Thought Machines mission is bold - to properly and permanently rid the worlds banks of legacy technology. To achieve this, we have developed the foundations of modern banking and built core and payments technology which runs natively in the cloud. Whatwe are attempting is hard and means we need great people working together to build great technology. We have grown rapidly in the past few years - growing our team to more than 500 individuals across offices in London, New York, Singapore and Sydney. We have raised more than $500m in funding and are now valued at $2.7bn. Our investors include Molten Ventures,Eurazeo, Intesa Sanpaolo, Temasek, Nyca Partners, JPMorgan Chase, Standard Chartered, and more. We have created a culture enabling our team to produce the best work in the industry, ensuring we have fun along the way. Were regularly cited as having a fantastic workplace culture and have been recognised by Sifted magazine as having one of the highestGlassdoor ratings for a UK fintech company and the most generous employee share package in the industry. Weve been named AltFis B2B Fintech of the Year, placed in the FinTech50, and named one of Europes fastest-growing companies by the Financial Times in2023. Thought Machines Security Risk and Policy team focuses on building the companys security risk assessment, collaborating on the design of controls and capabilities to mitigate risks to acceptable levels, managing our security and business continuity certifications,and maintaining a program of continuous improvement that puts us at the forefront of industry good practices. This focus is driven by four principles:

• Risk Quantification: We believe that quantification and measurement are critical to providing the company with evidence-based recommendations for risk mitigation and prioritisation.
• Collaborative Development: We believe in collaboration with every team across the company to build security that mitigates identified risks in ways that support Thought Machines ways of working and solving hard problems.
• Demonstrated Commitment: Managing and maintaining security certifications showcasing our dedication to security and demonstrating our credentials.
• Continuous improvement: Monitoring and nurturing the evolution and operation of our Information Security Management System so that we remain at the forefront of industry best practices, evolve as threats evolve, and build world-class technologies.

Duties

• Lead the process of obtaining, renewing, and maintaining Thought Machines certifications, including ISO27001, ISO22301, PCI-DSS, and SOC2.
• Maintain security risk assessments focusing on risk quantification and FAIR, ensuring that potential threats are identified, quantified, and addressed promptly.
• Participate and collaborate on the design of controls, technical capabilities, and procedures to mitigate security risks to acceptable levels.
• Oversee the creation, maintenance, and updating of all security-related policies and documentation, ensuring that they are current and reflect industry best practices.
• Oversee business continuity and operational resilience design, guaranteeing that the company can weather unforeseen events without major disruptions.
• Assist the commercial team by providing expert insights and answers to security-related queries from clients and prospects, instilling confidence in our security positioning.
• Collaborate with the Head of Security in drafting the departments strategy and security roadmap that align with risk assessments and business goals.
• Directing and mentoring the Security Risk & Policy team on team initiatives and work efforts.

Requirements Essential

• Solid understanding and experience with security risk management, policy formulation, and compliance.
• Hands-on experience with obtaining and maintaining security certifications.
• Proficiency in leading security risk assessments, preferably with knowledge of the FAIR framework.
• Technical experience with designing and applying security controls and capabilities to cloud-based infrastructure and applications.
• Excellent communication skills with an ability to translate technical jargon into business-relevant insights.
• Strong technical background, with experience in distributed systems, cloud security, and related technologies.

Desirable

• Experience in a fast-paced tech environment or fintech sector.
• Knowledge of container security, Kubernetes, Kafka, and other emergent technologies.
• Ability to liaise effectively with other departments and external stakeholders.
• People leadership experience with a track record of leading teams to success.

Benefits

• Highly competitive salary
• Pension plan (match up to 7%)
• Life insurance - three times annual salary
• Competitive maternity (6 months fully paid) and paternity leave (4 week fully paid)
• Shared parental leave (matched to our maternity leave for the same point in time)
• 25 days holiday and bank holidays
• Private health insurance with Bupa for you and your family
• Health cash plan (including dental and optical)
• Flexible working hours
• Cycle-to-work scheme
• Electric car scheme
• Season ticket loan
• Access to outstanding learning materials and courses
• Sports and hobby clubs, subsidised by Thought Machine
• All the latest tech you need
• Start the day properly with fresh fruit and cereals
• Huge range of healthy (and not-so-healthy) snacks, smoothies and drinks
• A talented and experienced team as your colleagues
• An environment where we encourage learning and progress
• Two charity days a year
• Weekly food pop up

Thought Machine are committed to making a measurable positive impact on peoples everyday lives. We are an equal opportunity employer and value diversity at our company. We actively hire for cultural growth. We welcome people of all ages, backgrounds and valuepeople who take a journey unique to them. We provide everyone with equal access to professional development. You are encouraged to apply even if your experience doesnt precisely match the job description.