Information Security Manager

About the Role

Do you have a good understanding of what it takes to design and operate a robust Information Security Management System and want to put it into practice in a fun, fast-paced growing company where security has been built in from the beginning and everyone is on board for the journey?

Are you a secret nerd (outright nerds also encouraged) who loves to debate the ins and outs of security, and best ways to thwart potential attackers?

Do you love working in a team, owning and nailing your part of the puzzle so that we all succeed in our mission?

Risk Ledger is looking for an Information Security Manager to join our growing team. This person will have full ownership of our internal information security, working closely with our CTO (and the rest of the team!) to maintain our high standard of security.

About Risk Ledger

Our mission at Risk Ledger is to improve the security maturity of the global supply chain ecosystem, reducing the number and severity of data breaches experienced through supply chain attacks by companies and consumers alike.

The Risk Ledger platform uses a unique social network model to allow organisations to collaborate on improving supply chain security. Client organisations use Risk Ledger to conduct their third party risk management programmes (no more drowning in spreadsheets) and suppliers use Risk Ledger to manage their internal controls and showcase these to customers. Over time, Risk Ledger will develop to integrate multiple data sources and provide novel ways for organisations to collaborate on their security defences. Our vision is that Risk Ledger will become the first global network of connected organisations all working together to defend-as-one, detecting, responding and ultimately preventing cyberattacks, continuously and in real-time. Building this takes a dedicated team of smart, motivated, bold people.

Risk Ledger is backed by multiple high-profile VCs, including Lifeline Ventures, firstminute capital, Seedcamp, Village Global and Episode 1. We're already working with a number of great companies across multiple verticals to achieve our vision, including the likes of ASOS, Snyk, BAE Systems and the NHS.

We are building an amazing and talented team from a diverse set of backgrounds and skill sets to help us grow and build a truly special company. With ambitious growth plans, this is the perfect opportunity to put your stamp on a fun, fast-paced, early-stage startup.

What you'll be doing

Security is at the heart of what we do, so every member of our team is passionate about making life as difficult as possible for attackers across the globe, and that extends to our own internal systems and work environment. You will be leading the way in building our own world-class defence. You will be supported by our Chief of Staff and CTO, who have built the foundations but are now looking for someone to take the reins. As we are a cyber security company, there may also be an opportunity for you to support sales and product development to ensure we are helping our clients reduce their own security risks.

Responsibilities will include:

  • Developing and operating our ISMS, and all that entails: conducting threat analysis and ongoing risk assessment to design effective controls that really make a difference; working closely with the engineers to maintain the technical controls that keep our production data safe; maintaining the security settings within our Google Workspace; monitoring access provisions to ensure we are keeping to the principle of least privilege; championing our security culture - training our team to be the best form of defence. You will also be responsible for obtaining and maintaining our ISO27001 certification.
  • Ensuring our security controls are clearly communicated both internally and externally through internal documentation and through our own Risk Ledger profile. Communicating with stakeholders, clients and suppliers about how we manage and maintain our security controls.
  • Supporting sales by conducting gap analyses for prospective clients and responding to security requirements within RFPs.
  • Supporting our product development by: collating and writing knowledge base articles containing best practice advice and guidance; managing default policies for clients to use ‘out of the box’; and supporting the ongoing development of our own Risk Ledger Controls Framework, used in our product by thousands of organisations, including developing a relationship between the controls framework and contextual risk.
  • Maintaining the Risk Ledger managed profiles: keeping up to date with security practices of large technology companies (Microsoft, Google etc.) and inputting current information into the relevant Risk Ledger profile.

We are an ambitious bunch at Risk Ledger, always learning and pushing boundaries to change the way cyber security is managed in the supply chain. Our own internal security is pivotal to this. We won’t compromise and don’t expect you to either.

We're looking for someone who

  • Has 2 or more years of work experience in an information security role, either in consulting or in-house.
  • Has a good understanding of cyber security industry standards (e.g. ISO27001, NIST CSF, NIST SP 800-53, NCSC CAF, Cyber Essentials) and how they are used in practice.
  • Has a good understanding of cyber security and data protection regulations within the UK and globally (e.g. GDPR, NIS Directive, EBA Guidelines).
  • Has a good understanding of cyber security threat and risk, with the ability to think like an attacker and design controls to make a real difference.
  • Has good research and analytical skills utilising a variety of sources: online research, industry forums, threat intel feeds etc.
  • Has an enthusiastic ‘roll up your sleeves’ mentality.
  • Has a strong interest in technology and loves learning.
  • Is feedback-driven with a positive attitude and ability to listen, learn, and iterate.

Why join us?

💰 Base salary, depending on level of experience, of £50,000 to £70,000.

📈 Generous EMI stock options

📚 Support to obtain whichever professional qualification you deem most valuable (e.g. CISSP)

👌 The autonomy and flexibility you need to deliver the work as you see fit

💻 The equipment you need to get the job done, and £500 equipment budget.

🏖 24 days of holiday a year, plus all bank holidays - take a break, enjoy yourself!

✈️ Up to an additional 30 days of unpaid leave a year to use as you wish

🎉 Regular socials to unwind and have some fun

How to Apply

Email us an introduction along with your CV to jobs@riskledger.com.

We'll be in touch with next steps as quickly as we can.