elliptic - Information Security Team Lead
Requirements
• Proven experience leading security delivery in a cloud-native product company.
• Strong understanding of AWS security architecture, modern CI/CD, and application security practices.
• Experience operationalising ISMS controls and preparing audit evidence for enterprise customers.
• Excellent stakeholder management and communication skills.
• Relevant certifications are a plus (e.g., CISSP, CCSP, AWS Security), but practical impact matters most.
Success measures in the first 12 months
• SSDLC v2.0 gates defined and enforced across critical services, with coverage reported monthly.
• 40% reduction in outstanding high/critical vulnerabilities and misconfigurations.
• Green audit outcomes for priority customers, with an evidence pack library established.
• Baseline CSPM/SSPM metrics in place, with trend improvement quarter-on-quarter.
• Vendor due diligence process with SLAs and scorecards operating and measured.
Responsibilities
Lead the day-to-day operation and uplift of Elliptic’s information and cyber security programme. Drive SSDLC v2.0 adoption, improve cloud and SaaS security posture, and ensure readiness for external audits and customer due diligence. Partner with Engineering, Platform, Legal, Procurement and Customer teams to reduce risk while enabling delivery and revenue, including Enterprise Tier security features.
What we expect from you
Programme ownership and delivery
• Own delivery of the InfoSec roadmap and its metrics. Translate strategy into quarterly plans with measurable outcomes.
• Establish gates, controls and reporting for SSDLC v2.0 across build and deploy pipelines.
• Lead CSPM/SSPM baselining and targeted burn-down of misconfigurations and vulnerabilities.
Risk, assurance and audit readiness
• Maintain ISMS processes aligned to ISO 27001. Coordinate evidence for customer audits and external assurance (e.g., pen tests, TPOs).
• Chair or contribute to risk forums. Ensure timely remediation, risk acceptance and exception tracking.
Cloud and SaaS security
• Partner with Platform to harden AWS (IAM, KMS, network segmentation, Security Hub, GuardDuty, logging).
• Uplift endpoint security, identity and access management, vulnerability management, and logging across the estate.
People leadership and ways of working
• Provide day-to-day guidance to the TISO, Analysts and cross-functional contributors.
• Embed a pragmatic, developer-friendly security culture through enablement, playbooks and training.
Vendor and data governance
• Oversee vendor security due diligence with clear SLAs and evidence trails.
• Support data protection and BC/DR control owners.
Benefits
• Equity options (no further details given).
• Hybrid working, with the option to work from almost anywhere for up to 90 days per year.
• £500 remote working budget to set up your home office space.
• Learning & Development: $1,000 budget to use on anything (agreed with your manager) that contributes to your growth and development.
• Holidays: 25 days of annual leave plus bank holidays, and an extra day off for your birthday.
• Enhanced parental leave: eligible employees receive 16 weeks of fully paid leave, regardless of gender or whether they become a parent by birth or adoption.