Security Risk and Policy Lead-November 2024
London
Nov 28, 2024
ABOUT THOUGHT MACHINE
Thought Machine builds cloud native technology to revolutionize core banking.
501 - 1,000 employees
Financial Services, Technology
About Security Risk and Policy Lead

  Thought Machine's mission is bold - to properly and permanently rid the world's banks of legacy technology. To achieve this, we have developed the foundations of modern banking and built core and payments technology which runs natively in the cloud. What we are attempting is hard and means we need great people working together to build great technology.

  We have grown rapidly in the past few years - growing our team to more than 500 individuals across offices in London, New York, Singapore and Sydney. We have raised more than $500m in funding and are now valued at $2.7bn. Our investors include Molten Ventures, Eurazeo, Intesa Sanpaolo, Temasek, Nyca Partners, JPMorgan Chase, Standard Chartered, and more.

  We have created a culture enabling our team to produce the best work in the industry, ensuring we have fun along the way. We're regularly cited as having a fantastic workplace culture and have been recognised by Sifted magazine as having one of the highest Glassdoor ratings for a UK fintech company and the most generous employee share package in the industry. We've been named AltFi's B2B Fintech of the Year, placed in the FinTech50, and named one of Europe's fastest-growing companies by the Financial Times in 2023.

  Thought Machine's Security Risk and Policy team focuses on building the company's security and business continuity risk assessments, collaborating on the technical design of controls and capabilities to mitigate risks to acceptable levels, managing our security and business continuity certifications, and maintaining a program of continuous improvement that puts us at the forefront of industry good practices. This focus is driven by four principles:

  Creativity: we are a company filled with unique thinkers, who design and engineer solutions to hard problems in ways that are unique and challenge convention.
  Collaborative: we believe in collaboration with every team across the company to mitigate identified risks in ways that support Thought Machine's ways of working and solving hard problems.
  Quantification: we believe that quantification and measurement is critical to being able to provide evidence-based recommendations for risk mitigation and prioritisation to the company.
  Continuous Improvement: Monitoring and nurturing the evolution and operation of our ISMS and BCMS so that we remain at the forefront of industry best practices, evolve as threats evolve, and build world-class technologies.

  Duties:

  Control Architecture & Design: Actively participate in the technical and operational design of capabilities, tools, and procedures to mitigate security and business continuity risks to acceptable levels.
  Certifications Management: Lead the process of obtaining, renewing, and maintaining Thought Machine's certifications, including ISO27001, ISO22301, PCI-DSS, and SOC2. This also includes the design of capabilities, tools, and procedures that satisfy the requirements of these regimens.
  Security Risk Assessments: Spearhead security risk assessments with a focus on risk quantification and FAIR, ensuring that potential threats are identified, quantified, and addressed promptly.
  Policy, Standards, and Procedures: Oversee the creation, maintenance, and updating of all security-related policies and documentation, ensuring that they are current and reflect industry best practices.
  Business Continuity Oversight: Oversee the business continuity and operational resilience design and operation, guaranteeing that the company can weather unforeseen events without major disruptions.
  Client Relations Support: Assist the Commercial team by providing expert insights and answers to security-related queries from clients and prospects, instilling confidence in our security posture.
  Strategic Planning: Collaborate with the Head of Security in drafting the department's strategy and setting a security roadmap that aligns with risk assessments and business goals.
  Team Direction & Leadership: Directing and mentoring the Security Risk & Policy team on team initiatives and work efforts.

  Requirements

  Essential:

  Technical experience with designing and applying security controls and capabilities to cloud-based infrastructure and applications in creative ways that bring efficiency to operations.
  Experience in working directly with software engineering teams in designing new capabilities, controls, and procedures that result in collaborative designs that are effective and highly efficient.
  Strong technical background, with experience in distributed systems, cloud security, and related technologies, and a passion for finding creative solutions to difficult problems.
  Hands-on experience with obtaining and maintaining a security certification such as SOC 2, ISO 27001, PCI-DSS.
  Knowledge of threat modelling for the purposes of understanding threat probabilities and frequency.
  Excellent communication skills with an ability to translate technical and security jargon into business-relevant insights.
  Ability to liaise effectively with other departments and external stakeholders.

  Desirable:

  Experience in a fast-paced tech environment or fintech sector.
  Knowledge of container security, Kubernetes, Kafka, and other emergent technologies.
  Proficiency in leading security risk assessments, preferably with knowledge of the FAIR framework.
  People leadership experience with a track record of leading teams to success.

  Benefits

  Highly competitive salary
  Pension plan (match up to 7%)
  Life insurance - three times annual salary
  Competitive maternity (6 months fully paid) and paternity leave (4 weeks fully paid)
  Shared parental leave (matched to our maternity leave for the same point in time)
  25 days holiday and bank holidays
  Private health insurance with Bupa for you and your family
  Health cash plan (including dental and optical)
  Flexible working hours
  Cycle-to-work scheme
  Electric car scheme
  Season ticket loan
  Access to outstanding learning materials and courses
  Sports and hobby clubs, subsidised by Thought Machine
  All the latest tech you need
  Start the day properly with fresh fruit and cereals
  Huge range of healthy (and not-so-healthy) snacks, smoothies and drinks
  A talented and experienced team as your colleagues
  An environment where we encourage learning and progress
  Two charity days a year
  Weekly food pop up

  Thought Machine are committed to making a measurable positive impact on people's everyday lives. We are an equal opportunity employer and value diversity at our company. We actively hire for cultural growth. We welcome people of all ages, backgrounds and value people who take a journey unique to them. We provide everyone with equal access to professional development. You are encouraged to apply even if your experience doesn't precisely match the job description.
