Security Risk Management Lead (12 month FTC)
London, UK (HQ)
Deliveroo
From food to flowers, gifts to groceries, we bring the best of your neighbourhood to your door. All in as little as 30 minutes. Download our app or order online.
At Deliveroo, it is our mission to build the definitive food company. To do that, we’re building mature security capabilities that support our ambitious growth.
We are looking for an experienced and outcome-driven Security Risk Lead with excellent stakeholder management skills to join our fast-growing Security function as a 12 month maternity leave cover from 1st May 2025.
In this role you’ll be primarily responsible for improving and implementing Deliveroo’s Security Risk Framework for managing security risks, setting out appropriate governance structures and driving appropriate risk reporting. You’ll manage a small team to drive the underlying activities.
You’ll directly impact how Deliveroo manages its security risk across the business. As we continue to increase our security maturity, your role in driving sound risk management practices will play a major part in our story and enable us to deliver on our mission.
What you’ll be doing. You will:
- Manage a small team of security risk analysts
- Develop, implement and manage a scalable security risk management framework, taking into account business context and relevant industry standards, regulatory requirements and stakeholder expectations
- Manage a security risk acceptance process and relevant governance structures
- Assess security risks and track exposure and remediation activities
- Operate and maintain GRC tooling, including a register of security risks
- Produce and deliver management reporting of security risks and metrics to relevant committees and stakeholders
- Oversee the ongoing maturity of the NIST Cybersecurity Framework
Requirements. You are or have:
- Significant experience in security risk management in a fast-paced business, ideally a public technology company or in a regulated industry
- Expertise in performing security risk assessments in a cloud environment
- Previously been responsible for defining security metrics and producing security risk management reporting
- Good people management skills, preferably having worked with a mixture of on-site and offshore team members
- Comfortable having difficult risk management conversations with different stakeholders across the business in both technical/engineering and non-technical roles
- Experience working with enterprise-grade integrated risk management or GRC solutions
- Familiar with security standards such as PCI-DSS, NIST, ISO27001 and SOC2
Preferred, but not required:
- A mix of consulting and industry experience in a relevant role
- Relevant industry certifications such as CISM, CRISC, CISA, CISSP
Why Deliveroo?
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth and relocation.
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.
Please click here to view our candidate privacy policy.