Information Security Team Lead

The impact you will have:

Lead the day to day operation uplift of Elliptic's information and cyber security programme. Drive SSDLC v2.0 adoption, improve cloud and SaaS security posture, and ensure external audit and customer due diligence readiness. Partner with Engineering, Platform, Legal, Procurement and Customer teams to reduce risk while enabling delivery and revenue, including Enterprise Tier security features.

What we expect from you

Programme ownership and delivery

• Own delivery of the InfoSec roadmap and metrics. Translate strategy into quarterly plans with measurable outcomes.

• Establish gates, controls and reporting for SSDLC v2.0 across build and deploy pipelines.

• Lead CSPM/SSPM baselining and targeted burn down of misconfigurations and vulnerabilities.

Risk, assurance and audit readiness

• Maintain ISMS processes aligned to ISO 27001. Coordinate evidence for customer audits and external assurance (e.g., pen test, TPOs).

• Chair or contribute to risk forums. Ensure timely remediation, risk acceptance and exception tracking.

Cloud and SaaS security

• Partner with Platform to harden AWS (IAM, KMS, network segmentation, Security Hub, GuardDuty, logging).

• Uplift endpoint, identity and access, vulnerability management, and logging across the estate.

People leadership and ways of working

• Provide day to day guidance to TISO, Analysts and cross functional contributors.

• Embed a pragmatic, developer friendly security culture through enablement, playbooks and training.

Vendor and data governance

• Oversee vendor security due diligence with clear SLAs and evidence trails. Support data protection and BC/DR control owners.

You must have:

• Proven security delivery in a cloud native product company.

• Strong understanding of AWS security architecture, modern CI/CD, and application security practices.

• Experience operationalising ISMS controls and preparing audit evidence for enterprise customers.

• Excellent stakeholder management and communication skills.

• Relevant certifications are a plus (e.g., CISSP, CCSP, AWS Security), but practical impact matters most.

Success measures in the first 12 months:

• SSDLC v2.0 gates defined and enforced across critical services. Coverage reported monthly.

• 40% reduction in outstanding high/critical vulnerabilities and misconfigurations.

• Green audit outcomes for priority customers with evidence pack library established.

• Baseline CSPM/SSPM metrics in place with trend improvement quarter on quarter.

• Vendor DD process with SLAs and scorecards operating and measured.

• Hybrid working and the option to work from almost anywhere for up to 90 days per year

• £500 Remote working budget to set up your home office space

• $1,000 Learning & Development budget to use on anything (agreed with your manager) that contributes to your growth and development

• Holidays: 25 days of annual leave + bank holidays

• An extra day for your birthday

• Enhanced parental leave: we provide eligible employees, regardless of gender or whether they become a parent by birth or adoption, 16 weeks fully paid leave

• Private Health Insurance - we use Vitality!

• Full access to Spill Mental Health Support

• Life Assurance: 4 times your salary to your beneficiaries

• £100 cryptocurrency for you!

• Cycle to Work Scheme