Chief Information Security Officer (CISO)

Ripjar specialises in the development of software and data products that help governments and organisations combat serious financial crime. Our technology is used to identify criminal activity such as money laundering and terrorist financing, enabling organisations to enforce sanctions at scale to help combat rogue entities and state actors. 

Lead Ripjar’s Global Security Strategy 

 As we scale globally, this role is central to our mission of delivering secure, resilient technology to governments and enterprises around the world. 

As Chief Information Security Officer (CISO), you will be responsible for developing and executing our cyber risk strategy, driving alignment with international frameworks such as ISO27001, SOC2, DORA and regional frameworks like Cyber Essentials, and leading executive team engagement on security governance, regulatory readiness, and organisational resilience. You will be responsible for monitoring and improving the information security of Ripjar’s technology infrastructure, products and services as we continue to scale. 

This is a hands-on leadership role. You will be responsible not only for setting strategy, but also for directly executing core activities such as policy development, supporting audits and accreditations, incident response, and day-to-day security operations. 

What you’ll be doing: 

Strategic Security Leadership 

• Set the organisation-wide security vision and roadmap; act as security evangelist at the executive level. 
• Maintain and evolve our security and compliance posture to support international expansion and customer growth. 
• Manage and own the Information Security budget, investments, and ROI. 

Governance, Risk, and Compliance 

• Maintain compliance with ISO27001, SOC2, Cyber Essentials and evolving DORA regulations. 
• Lead internal risk assessments, security audits, and regulatory readiness efforts. 
• Oversee third-party and supply chain security due diligence and assurance processes. 

Operational Security & Infrastructure 

• Partner with infrastructure and engineering teams to drive secure architecture, code, and systems. 
• Identify vulnerabilities and lead remediation in hybrid environments (AWS, private cloud). 
• Ensure security principles are implemented and continuously improved. 

Culture, Education, and Awareness 

• Embed a security-first culture across the business through education, training, and policy. 
• Support the commercial team in client conversations and security due diligence including contributing actively to RFI/RFP processes. 
• Act as the point of contact for external audits, client reviews, and incident communications. 

About You:  

We’re looking for a security leader who blends deep technical acumen with strong strategic and business leadership. You will take a pragmatic approach to information security and its practical application to our organisation as it scales.  

 Ideally, you will have: 

• Proven leadership in high-growth scale-up environments. 
• Expertise in ISO27001, SOC2, NIST CSF, Cyber Essentials, and DORA. 
• Experience with modern cloud infrastructure and security (AWS, Azure, GCP, PaaS/IaaS/SaaS). 
• Familiarity with IAM, DLP, and Linux-based environments. 
• Strong understanding of security architecture, governance, and regulatory trends. 
• Professional certifications such as CISSP, CISM, or CRISC (preferred). 
• Exceptional communication skills to engage senior internal and external stakeholders. 
• High level of integrity, resilience, and executive presence. 

Key ​tasks:  

• Developing, implementing and maintaining IT information security strategies, policies and procedures for the organisation in line with security frameworks. 
• Author, review, and maintain IT security policies and procedures to support compliance and security goals. 
• Maintain awareness of the latest cybersecurity threats, trends, and compliance requirements to continuously improve the security framework. 
• Identifying and acting on opportunities to improve and update software and systems 
• Conduct risk assessments and information security audits to ensure compliance with regulatory standards and best practices, including SOC2. 
• Managing and reporting on the allocation of Information Security budget  
• Perform due diligence and assurance for supply chain security, assessing suppliers/third-party risks and compliance. 
• Act as the main point of contact for external security audits.  
• Support the commercial organisation by contributing to client security questionnaires  
• In conjunction with our operational product infrastructure team, assess and monitor current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement  
• Educate the business on Information Security best practices and ensure training and internal standards are sufficient. 

The successful candidate should have these skills:  

 We recognise that demonstrable skills in all these technologies is not easy to find. Don’t let that stop you from applying! We can work in partnership to identify your strengths and provide you with the training necessary to fill any gaps 

• A strong understanding of IT including Cyber Security, Infrastructure, Cloud including IT Security standards and management across major cloud service providers such as AWS, Microsoft Azure and GCP  
• Working knowledge of Security Architecture and potential security issues across PaaS, IaaS, SaaS in AWS environments  
• Understanding of IAM, and Data Loss Prevention in an AWS environments  
• Knowledge of Infrastructure architecture, including Cloud / Hybrid Cloud / private data centres   
• Extensive experience in IT security leadership, leading teams and managing a budget 
• Collaborate with technology and business leaders to integrate security considerations into digital initiatives, cloud strategies, emerging technologies, and operational processes 
• Experience with supply chain security due diligence and assessment processes. 
• Proven experience implementing and managing security standards and frameworks including ISO27001, SOC-2, NIST CSF, NIST 800-53 and Cyber Essentials  
• Experience managing Linux (RHEL / CentOS ) environments  
• Excellent professional communication skills, both written and verbal, to effectively manage business interactions with internal and external stakeholders. 
• Professional certifications such as CISM / CISSP / CRISC are preferable  
• Strong analytical and problem-solving skills 
• Ability to work collaboratively across departments and drive initiatives in a fast-paced environment. 
• High level of integrity and professionalism in managing sensitive information. 

Why we think you’ll enjoy it here:

• Salary up to 140k DOE
• 25 days annual leave + your birthday off, rising to 30 days after 5 years of service
• Fully remote working with occasional travel.
• Life assurance
• Private Family Healthcare
• Employee Assistance Programme
• Company contributions to your pension
• Enhanced maternity/paternity pay
• The latest tech including a top of the range MacBook Pro
• Offices equipped with well-stocked pantries with food, snacks and drinks when in the office