Security Architecture and Risk Lead

Social network you want to login/join with:

Client: Flo

Location: London, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Reference: 2826bcafb0c4

Job Views: 29

Posted: 12.08.2025

Expiry Date: 26.09.2025

The Job

Partnering with security colleagues and business stakeholders, in this role you will aid Flo to design and implement friction-free security solutions and controls that enable us to build, grow, and deliver a trusted, secure platform for the millions of users choosing Flo’s women’s health app.

The Security Architecture and Risk Lead will partner with the business to design secure systems environments and embed security controls that mitigate risks within engineering, wider business processes, and third-party solutions.

You will lead the security risk management domain, working with the Security Risk and Controls Manager, collaborating with stakeholders to understand context, and supporting the business to identify, understand, and manage security risks, underpinning well-informed risk and value-based prioritization decisions.

You will ensure controls are designed to reduce friction and enable Flo to work in a fast, safe, and secure way.

Must have:

• An information security engineer/architect with at least 10 years experience across security domains, including Security Risk Management, Security Management, and Security Architecture.
• Strong command of (Secure) Software Development LifeCycle (SDLC) best practices, including security requirements, threat modelling, security testing, application security review, and securing CI/CD pipelines.
• Sound understanding of cloud security best practices and DevSecOps methodologies.
• Experience in identifying and analyzing security risks, with working knowledge of leading security risk management methodologies.
• Strong management experience, including excellent influencing and communication skills.

Nice to have:

• Relevant security industry certification or academic qualification (e.g., MSc in Information Security, CCSP, CISSP).
• Experience supporting security audits, including certification processes.
• Knowledge of various security control frameworks.

Responsibilities include:

• Developing security patterns and standards.
• Establishing security tooling and capability requirements with stakeholders.
• Evolving Flo’s security risk management framework and processes.
• Ensuring security risk management supports business planning and prioritization.
• Performing security assessments of third-party solutions and making actionable recommendations.
• Developing and implementing software risk analysis frameworks.
• Supporting security monitoring programs, audits, and compliance checks.
• Reviewing and rolling out security training and awareness campaigns.
• Advising business stakeholders on security issues.
• Mentoring team members.
• Keeping abreast of cybersecurity landscape and best practices.

Targeted outcomes:

• Embedding security patterns and standards.
• Reducing security risks.
• Engaging with business stakeholders.
• Providing expertise and support.
• Delivering targets with a collaborative approach.

The salary starts from €8000 gross/month. #LI-Hybrid #LI-LM12

Ranges may vary depending on skills and experience.

Flo offers competitive salaries and benefits, including:

• Flexible working environment
• Company equity via ESOP
• Paid holidays and sick leave
• Paid female health and sick leave
• Workations abroad
• Paid maternity and paternity leave
• Career development resources
• Annual reviews
• Unlimited Flo subscriptions
• Additional health, pension, and social benefits