Information Security Team Lead

Elliptic Enterprises Limited

Job Overview

Location

Remote

Job Type

Full-time

Full Job Description

📋 Description

• As the Information Security Team Lead at Elliptic Enterprises Limited, you will be instrumental in shaping and executing our comprehensive information and cyber security program. This pivotal role demands a strategic thinker with a hands-on approach, responsible for the day-to-day operations and continuous enhancement of our security posture. You will be at the forefront of driving the adoption of our Secure Software Development Lifecycle (SSDLC) version 2.0, significantly improving our cloud and SaaS security, and ensuring we are consistently ready for external audits and rigorous customer due diligence processes.
• Your responsibilities will extend to fostering strong partnerships across various departments, including Engineering, Platform, Legal, Procurement, and Customer Success. The core objective is to proactively reduce risk while simultaneously enabling business delivery and revenue growth. A key focus will be on developing and implementing enterprise-tier security features that meet the highest standards of protection and compliance.
• Programme Ownership and Delivery: You will own the end-to-end delivery of the Information Security roadmap, establishing clear, measurable metrics for success. This involves translating high-level security strategy into actionable quarterly plans, defining measurable outcomes that align with business objectives. You will be responsible for establishing robust gates, controls, and reporting mechanisms for SSDLC v2.0, ensuring these are seamlessly integrated into our build and deploy pipelines. Furthermore, you will lead the establishment of Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) baselines, driving targeted initiatives to reduce misconfigurations and vulnerabilities.
• Risk, Assurance, and Audit Readiness: A critical aspect of this role is maintaining our Information Security Management System (ISMS) processes in alignment with ISO 27001 standards. You will coordinate the collection and presentation of evidence required for customer audits and external assurance activities, such as penetration tests and Third-Party Opinions (TPOs). You will actively participate in or chair risk forums, ensuring timely remediation of identified risks, appropriate risk acceptance, and meticulous tracking of exceptions.
• Cloud and SaaS Security Enhancement: You will collaborate closely with the Platform team to strengthen our AWS environment. This includes hardening critical security components such as Identity and Access Management (IAM), Key Management Service (KMS), network segmentation, and security monitoring tools like Security Hub and GuardDuty, as well as ensuring comprehensive logging. Your remit will also cover uplifting security across our entire estate, focusing on endpoint security, identity and access management, vulnerability management, and centralized logging solutions.
• People Leadership and Culture Embedding: You will provide essential day-to-day guidance and mentorship to the Third-Party Information Security Officer (TISO), Security Analysts, and other cross-functional contributors. A key leadership objective is to embed a pragmatic, developer-friendly security culture throughout the organization. This will be achieved through proactive enablement, the creation of clear playbooks, and targeted training initiatives that empower teams to integrate security into their workflows.
• Vendor and Data Governance Oversight: You will oversee the vendor security due diligence process, ensuring clear Service Level Agreements (SLAs) are established and evidence trails are maintained. Additionally, you will provide crucial support to the owners of data protection and Business Continuity/Disaster Recovery (BC/DR) controls, ensuring these critical areas are robustly managed and compliant.
• Your impact in the first 12 months will be measured by the successful definition and enforcement of SSDLC v2.0 gates across critical services, with monthly coverage reporting. You will aim for a 40% reduction in outstanding high and critical vulnerabilities and misconfigurations, achieve green audit outcomes for priority customers supported by an established evidence pack library, and implement baseline CSPM/SSPM metrics with demonstrable trend improvements quarter-on-quarter. The vendor DD process, including SLAs and scorecards, will be operational and actively measured.

🎯 Requirements

• Proven experience leading security delivery and operations within a cloud-native product company.
• Strong understanding of AWS security architecture, modern CI/CD pipelines, and application security best practices.
• Demonstrated experience in operationalizing ISMS controls and preparing audit evidence for enterprise-level customers.
• Excellent stakeholder management and communication skills, with the ability to influence and collaborate across diverse teams.
• Relevant security certifications (e.g., CISSP, CCSP, AWS Security) are a plus, but practical impact and demonstrable experience are prioritized.

🏖️ Benefits

• Hybrid working model with the flexibility to work remotely from almost anywhere for up to 90 days per year.
• A generous 500 remote working budget to help you set up an optimal home office space.
• A 1,000 Learning & Development budget, usable on any agreed-upon activity that supports your professional growth.
• 25 days of annual leave plus bank holidays, and an extra day off for your birthday.
• Enhanced parental leave policy, offering 16 weeks of fully-paid leave to eligible employees, regardless of gender or how they become a parent.
• Comprehensive Private Health Insurance through Vitality.
• Full access to Spill for mental health support.
• Life Assurance coverage, providing 4 times your salary to your beneficiaries.
• A unique 100 cryptocurrency bonus upon joining.
• Access to the Cycle to Work Scheme.

Skills & Technologies

AWS

Senior

Remote

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Elliptic Enterprises Limited

Visit Website

About Elliptic Enterprises Limited

Elliptic is a global leader in crypto-asset risk management. The company provides a comprehensive suite of tools and services designed to help businesses, regulators, and law enforcement agencies understand and manage the risks associated with cryptocurrencies. Their technology analyzes blockchain data to detect illicit activity, identify high-risk transactions, and ensure compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. Elliptic's solutions are used by financial institutions, exchanges, and governments worldwide to protect against financial crime, enhance security, and foster the safe adoption of digital assets.

View Company Profile