Security Architecture and Risk Lead

Partnering with security colleagues and business stakeholders, in this role you will aid Flo to design and implement friction-free security solutions and controls that enable us to build, grow and deliver a trusted, secure platform, for the millions of users choosing Flo’s women’s health app. The Security Architecture and Risk Lead will partner with the business to design secure system environments, embed security controls that mitigate risks within engineering, business processes, and third-party solutions. You will lead the security risk management domain, collaborating with stakeholders to understand context, identify, and manage security risks, supporting risk-based prioritization decisions. You will ensure controls are designed to reduce friction and enable Flo to operate in a fast, safe, and secure manner.

Your Experience

• Must have:

• At least 10 years of experience as an information security engineer or architect across security domains, including Security Risk Management, Security Management, and Security Architecture.
• Strong knowledge of (Secure) Software Development LifeCycle (SDLC) practices, including security requirements, threat modeling, security testing, application security review, and securing CI/CD pipelines.
• Understanding of cloud security best practices and DevSecOps methodologies.
• Experience in security risk identification and analysis, with working knowledge of security risk management methodologies.
• Strong management skills, including influencing and communication abilities.

• Relevant security certifications or academic qualifications (e.g., MSc in Information Security, CCSP, CISSP).
• Experience supporting security audits and certification processes.
• Knowledge of various security control frameworks.

What you’ll be doing

• Responsibilities include:

• Developing security patterns and standards.
• Collaborating with stakeholders to establish security tooling and capabilities, ensuring alignment with goals.
• Evolving Flo’s security risk management framework and processes for consistency and practicality across the business.
• Supporting business planning through security risk management processes.
• Performing security assessments of third-party solutions and making actionable recommendations.
• Developing a software risk analysis framework to manage residual security risks.
• Supporting security monitoring programs, audits, and compliance checks.
• Creating and rolling out security training and awareness campaigns.
• Advising stakeholders on security issues and coaching team members.
• Maintaining knowledge of cyber technology trends to identify improvements.

• Embedding security patterns and standards.
• Reducing security risks.
• Engaging with business stakeholders effectively.
• Providing expertise and support.
• Delivering targets with a collaborative approach.

The salary starts from €8000 gross/month.

Reward

Flo offers competitive pay, benefits, and a supportive environment, including:

• Flexible work options
• Employee equity via ESOP
• Paid holidays and sick leave
• Paid health and sick leave for women
• Workations abroad
• Paid parental leave
• Career development resources
• Salary reviews
• Free Flo subscriptions
• Additional benefits (health, pension, social schemes)