Senior InfoSec Analyst FTC

Company Description

Depop is the community-powered circular fashion marketplace where anyone can buy, sell and discover desirable secondhand fashion. With a community of over 35 million users, Depop is on a mission to make fashion circular, redefining fashion consumption. Founded in 2011, the company is headquartered in London, with offices in New York and Manchester, and in 2021 became a wholly-owned subsidiary of Etsy. Find out more at www.depop.com 

Our mission is to make fashion circular and to create an inclusive environment where everyone is welcome, no matter who they are or where they’re from. Just as our platform connects people globally, we believe our workplace should reflect the diversity of the communities we serve. We thrive on the power of different perspectives and experiences, knowing they drive innovation and bring us closer to our users. We’re proud to be an equal opportunity employer, providing employment opportunities without regard to age, ethnicity, religion or belief, gender identity, sex, sexual orientation, disability, pregnancy or maternity, marriage and civil partnership, or any other protected status. We’re continuously evolving our recruitment processes to ensure fairness and are open to accommodating any needs you might have.

If, due to a disability, you need adjustments to complete the application, please let us know by sending an email with your name, the role to which you would like to apply, and the type of support you need to complete the application to adjustments@depop.com. For any other non-disability related questions, please reach out to our Talent Partners.

As part of the Information Security team, this role will be responsible for leading and supporting Depop's information security program, conducting risk assessments, developing and implementing security policies, and responding to security incidents.

FTC: May 2025 to March 2026

Responsibilities

• Support the Head of Information Security in defining and delivering upon a broad, company-wide security roadmap, including training, physical/cyber/information security, compliance, policies, etc.

• Monitor logging and alerting tooling for security issues

• Investigate security breaches and other cybersecurity incidents

• Install security measures and operate software to protect systems and information infrastructure

• Document security incidents and breaches and assess the damage they cause

• Work with the Engineering teams to respond to tests and uncover vulnerabilities

• Work with teams to fix detected vulnerabilities to maintain a high-security standard

• Develop and maintain company-wide best practices, policies and processes for Information Security

• Research security enhancements and make recommendations to management

• Stay up-to-date on information technology trends and security standards

• Ensure compliance with relevant regulations and standards, such as PCI DSS, HIPAA, and SOX

• Knowledge of risk assessment tools, technologies and methods

• Knowledge of disaster recovery, computer forensic tools, technologies and methods

• Contribute to the security incident response process and play an active role in it

• The role involves participation in an on-call rotation, during which the analyst will be responsible for monitoring and responding to security alerts and potential incidents.

Qualifications:

• Knowledge of CyberSecurity Frameworks (NIST, CIS, ISO27001)

• Experience with detection and remediation of security vulnerabilities

• Knowledge of risk assessment tools, technologies and methods

• Experience planning, researching and developing security policies, standards and procedures

• Experience in privacy and cyber governance, risk and compliance frameworks and controls

• Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks

Non-technical

• Exemplary communication skills, especially in dealing with multiple stakeholders

• Able to take a risk-based approach and effectively prioritise many competing demands

Desirable

• People management and mentoring experience; we want you to help shape and develop our Information Security Awareness

• Understand compliance, legal and ethical obligations organisations should have with respect to logical and physical security, personally identifiable information and data protection

Additional Information

Health + Mental Wellbeing

• PMI and cash plan healthcare access with Bupa

• Subsidised counselling and coaching with Self Space

• Cycle to Work scheme with options from Evans or the Green Commute Initiative

• Employee Assistance Programme (EAP) for 24/7 confidential support

• Mental Health First Aiders across the business for support and signposting

Work/Life Balance:

• 25 days annual leave with option to carry over up to 5 days

• 1 company-wide day off per quarter

• Impact hours: Up to 2 days additional paid leave per year for volunteering

• Fully paid 4 week sabbatical after completion of 5 years of consecutive service with Depop, to give you a chance to recharge or do something you love.

• Flexible Working: MyMode hybrid-working model with Flex, Office Based, and Remote options *role dependant

• All offices are dog-friendly

• Ability to work abroad for 4 weeks per year in UK tax treaty countries

Family Life:

• 18 weeks of paid parental leave for full-time regular employees

• IVF leave, shared parental leave, and paid emergency parent/carer leave

Learn + Grow:

• Budgets for conferences, learning subscriptions, and more

• Mentorship and programmes to upskill employees

Your Future:

• Life Insurance (financial compensation of 3x your salary)

• Pension matching up to 6% of qualifying earnings

Depop Extras:

• Employees enjoy free shipping on their Depop sales within the UK.

• Special milestones are celebrated with gifts and rewards!