Security Risk and Compliance Specialist

Trade Ledger is not your average company. We're at the forefront of a revolution in our sector and on the cusp of exploding onto the global software scene, but technology isn't everything. We're on the hunt for someone to come and help build our community!

Our Mission and Achievements

Trade Ledger is the world's first business lending platform that transforms digital data from business supply chains in real time, allowing banks to assess and regularly update the credit and default risk of the businesses they lend to. We are a high-growth fintech that simplifies and automates complex banking services globally.

Our mission is to make commerce simple by enabling banks and other lenders to address the underserved £1.2 trillion corporate credit market opportunity. We do this by reimagining credit in a digital world and connecting company supply chain digital data to the financial service provider. Not got corporate banking experience? Not a problem, no one here does.

Our Culture

A diverse and open team culture is our differentiator. Bring your authentic self and we'll make great things together. With offices in London and Sydney we have a strong team focus. We work hard but we enjoy what we do. We actively invest in continuous professional development because we know our people are critical to our success. We are building a leading global software company and we can't do this without also building one of the world's best software teams.

The Role

Information security is an integral part of the Trade Ledger platform's development, maintenance and business operation.

We are looking for a security risk and compliance specialist who has a proven track record of embedding security risk management processes and controls into operations using a pragmatic approach. As we're a fast-growing team executing complex enterprise transactions with global banks, we need someone who thinks two steps ahead of where we are currently and ensures we are truly prepared to scale into a global technology company. We embrace people who love to travel: as part of the role we expect there to be opportunities to visit the teams in Europe and Sydney and to help open new regions. You must also be curious, able to dive deep into technical topics and collaborate effectively with people from different backgrounds and with diverse perspectives. It's who you are as a person that matters most to us.

Your tasks

  1. Maintain and update a security defence strategy that is fit for purpose, covering cloud infrastructure management, BCDR, security for DevOps and automation
  2. Update and execute the implementation roadmap that supports the strategy and achieves the desired state for compliance and security capabilities
  3. Manage security calendar and internal ISMS activities
  4. Liaise and collaborate with internal stakeholders to identify, monitor, manage and report security risks associated with technology, people, processes and changes in operating environment at the organisation level
  5. Drive the development and implementation of the security incident response plan in accordance with applicable legislation and standards
  6. Define, implement and maintain security policies and controls (mandate and guidance)
  7. Maintain and update ISMS documentation package
  8. Manage self-assessment, internal and external audit programs, and maintain ISO 27001 certification
  9. Manage vulnerability assessment, penetration testing and remediation program including periodic penetration testing and technical infrastructure reviews
  10. Coordinate the preparation for customer security assessments and questionnaires
  11. Organise appropriate security training or communication to raise the security awareness of internal teams and customers when practical
  12. Give presentations and publish articles about Trade Ledger’s security capabilities at customer meetings and events
  13. Maintain the asset inventory, asset classification and user access list
  14. Ensure timely provisioning and revocation of user access
  15. Maintain supplier register, perform security compliance due diligence and ongoing compliance monitoring

Your skills

  1. Professional information security certifications (e.g. CISA, PCI QSA, CISSP, ISO 27001 LA, AWS Certified Security - Specialty, etc.)
  2. Demonstrated 7+ years experience in information technology or security
  3. Demonstrated experience in embedding security in an agile environment
  4. Demonstrated knowledge of and experience with ISO 27001 compliance; experience with other regulatory compliance and information security frameworks is a plus (e.g. PCI DSS, NIST, etc.)
  5. Demonstrated experience in implementing and monitoring security control mechanisms in an enterprise environment
  6. Demonstrated high attention to detail and the ability to produce high-quality, succinct security documentation
  7. Highly developed communication and interpersonal skills with the ability to liaise at all levels within and outside the organisation including security testers and auditors
  8. Demonstrated ability to effectively influence others to modify their opinions and behaviours, and to negotiate more collaborative, risk-based plans
  9. Demonstrated experience with assessing controls for AWS environments and virtualisation/containerisation
  10. Preferably, demonstrated knowledge of attack vectors, threat tactics and attacker techniques, OWASP guidance and CIS benchmarks
  11. Preferably, demonstrated experience working with monitoring and logging solutions