Risk Ledger is developing a network of connected organisations, all working together to defend against cybersecurity attacks in the supply chain.

Organisations rely on us to establish trust, through sharing their security maturity and visualising the risks posed by their supply chain ecosystem. Risk Ledger is built on the respect we have for one another and our users, united by our shared values and mission.At Risk Ledger, we aim high to find the best solutions we can and always put our users first.The Head of Information Security has a bucket load of responsibility to protect the business, inform key risk-based decisions, and operate confidently and expertly with the clear understanding that their actions underpin every operational function and, ultimately, the organisations commercial success.Security is at the heart of what we do, so every member of our team is passionate about making life as difficult as possible for attackers across the globe, and that extends to our own internal systems and work environment. You will be leading the way, evolving and maintaining our own world-class defences as we scale.And if something doesnt go to plan, this role will be accountable alongside the executive team to contain, control and disrupt any threatand restore normal operations.Championing our security culturetraining our team to be the best form of defence.Conducting threat analyses and ongoing risk assessments to anticipate and design effective controls that really make a difference.Work collaboratively with the Product and Engineering teams to maintain the technical controls that keep our service and production data safe.Maintain the security configurations applied to our devices and SaaS services: protect colleagues with minimal friction to enable them to get their job done; Ensure our security controls are clearly communicated both internally and externally through: internal documentation, and through our own Risk Ledger profile; external communication with stakeholders, clients and suppliers about how we manage and maintain our security controls.Supporting our product development by: collaborating with the Product and Engineering teams to support their development of service features and the Framework used by thousands of organisations, including developing a relationship between the controls framework and contemporary contextual cybersecurity risks.You will also be responsible for maintaining our ISO 27001 and Cyber Essentials certificationsand other security-related compliance accreditations as may be required.We are a scaling business, staying lean wherever possible, which means currently, responsibility for the provision and management of the technology needed for the business to function effectively sits with the Head of Information Security, with support from a handful of individuals across the business.On day one, you will have Risk Ledgers current Security Engineer reporting into you, but you will have autonomy to define the needs and evolution of the function however you see fit, in line with business need.We are an ambitious bunch at Risk Ledger, always learning and pushing boundaries to change the way cyber security is managed in the supply chain. Our own internal security is pivotal to this. Has 5 or more years experience as a qualified Head (or Deputy Head) of Information Security role, seasoned with scale-up organisation challenges. {Has solid experience of assuring compliance with cyber security and data protection regulations within the UK and globally (e.g. Has a comprehensive understanding of what it takes to comply with cyber security industry standards and frameworks in practise (e.g. Has a thorough understanding of cyber security threat and risk with the ability to think like an attacker and design controls that make a real difference.Has good research and analytical skills utilising a variety of sources: online research, industry forums, threat intel feeds etc. Generous EMI equity package-3% employer match on pension-25 days annual leave + bank holidays- Additional 30 days of unpaid leave per year to use as you wish- Ad-hoc companywide time off - last year we gave everyone ''rest leave'' in August and over the festive period- Private healthcare with AXA Insurance - including enhanced mental wellbeing coverage- Hybrid working policy, typically 2-3 days in the office- Enhanced family (parental) leave - gender-neutral policy, 12 weeks paid leave-Enhanced occupational sick pay- indicates a required fieldPhone *Will you require visa sponsorship for this role? * Are you happy to come into the office in Old Street, London?*We''re hybrid and can be flexible with days in the office - start and finish times too. By checking this box, I agree to allow Risk Ledger to retain my data for future opportunities for employment for up to 365 days after the conclusion of consideration of my current application for employment.#