Security Architecture and Risk Lead

Social network you want to login/join with:

Client: Flo

Location: London, United Kingdom

Job Category: Other

EU work permit required: Yes

The Job

Partnering with security colleagues and business stakeholders, in this role you will aid Flo to design and implement friction-free security solutions and controls that enable us to build, grow, and deliver a trusted, secure platform, for the millions of users choosing Flo’s world-leading women’s health app. The Security Architecture and Risk Lead will partner with the business to design secure systems environments and embed security controls that mitigate risks within engineering, wider business processes, and third-party solutions being implemented. You will lead the security risk management domain, working with the Security Risk and Controls Manager, collaborating with stakeholders to understand context, and supporting the business in identifying, understanding, and managing security risks, underpinning well-informed risk and value-based prioritization decisions. You will ensure controls are designed to reduce friction and enable Flo to work in a fast, safe, and secure way.

Your Experience

Must have:

• An information security engineer/architect with at least 10 years experience across security domains (including Security Risk Management, Security Management, and Security Architecture).
• Strong command of (Secure) Software Development LifeCycle (SDLC) best practices, including security requirements, threat modelling, security testing, application security review, and securing CI/CD pipelines.
• Sound understanding of cloud security best practices and DevSecOps methodologies.
• Experience in identifying and analyzing security risks with working knowledge of leading security risk management methodologies.
• Strong management experience, including excellent influencing and communication skills.

Nice to have:

• Relevant security industry certification or academic qualification (e.g., MSc in Information Security, CCSP, CISSP).
• Experience supporting security audits and certification processes.
• Knowledge of various security control frameworks.

What you'll be doing

Responsibilities include:

• Developing security patterns and standards.
• Collaborating with stakeholders to establish security tooling and capability requirements, ensuring alignment with goals.
• Evolving Flo’s security risk management framework and processes for transparency and practicality.
• Ensuring security risk management supports business planning and prioritization.
• Performing security assessments of third-party solutions and making actionable recommendations.
• Developing a software risk analysis framework to manage residual security risks.
• Supporting internal security audits, technical compliance, and control maturity assessments.
• Reviewing and rolling out security training and awareness programs.
• Advising business stakeholders on security issues.
• Mentoring team members for technical and professional growth.
• Proactively researching cyber technology landscape for improvements.

Targets:

• Embedding security standards and reducing risks.
• Engaging with stakeholders effectively.
• Providing expertise and support.
• Delivering targets with a collaborative approach.

The salary range starts from €8000 gross/month. #LI-Hybrid #LI-LM12

Ranges may vary depending on skills and experience.

Flo offers a competitive package including:

• Flexible working options
• Company equity via ESOP
• Paid holidays and sick leave
• Paid female health and sick leave
• Workations abroad
• Paid parental leave
• Career development resources
• Annual salary reviews
• Unlimited Flo subscriptions
• Additional benefits (health, pension, social schemes)