Senior Business Information Security Specialist in London

Ready for a challenge? Then Just Eat Takeaway.com might be the place for you. We’re a leading global online delivery platform, and our vision is to empower everyday convenience. Whether it’s a Friday-night feast, a post-gym poke bowl, or grabbing some groceries, our tech platform connects tens of millions of customers with hundreds of thousands of restaurant, grocery and convenience partners across the globe.

About this role

The InfoSec team at JET is scaling its security partnership and vendor assurance capability across a complex, cloud-native environment spanning multiple markets. As Security Business Partner, you will own the day-to-day delivery of vendor security reviews and shift-left security practices within engineering and product teams. You will work closely with the Security Business Partner function to embed security thinking early and give JET confidence in its third-party supply chain. Based in the UK, this is a hands-on, high-impact individual role.

These are some of the key components to the position:

• Execute vendor security assessments by collecting, analysing, and documenting supplier control evidence, audit reports, and risk findings against defined frameworks including ISO 27001 and NIST CSF.
• Identify and document third-party security risks, recommending proportionate risk treatment options aligned to JET’s risk appetite.
• Support threat modelling, secure design reviews, risk remediation recommendations and early-stage risk assessments alongside engineering teams as part of the secure development lifecycle.
• Translate security findings into clear, business-aligned risk language for product and stakeholders, reducing reliance on technical jargon.
• Maintain accurate risk registers, vendor assessment records, and reporting inputs that feed into executive-level risk dashboards.
• Build working relationships with business and technology teams across multiple markets, acting as a visible and trusted point of contact for security guidance.

What will you bring to the team?

• Demonstrated ability to execute security risk assessments and vendor reviews end-to-end, including evidence collection, gap analysis, and documented findings.
• Working knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls applied in a product or engineering context.
• Ability to communicate security risk clearly to both technical and non-technical audiences, without defaulting to jargon or compliance-speak.
• Familiarity with GRC concepts including risk management, controls design, and third-party assurance, gained through hands-on practice rather than solely policy work.
• Comfort working across multiple teams and geographies in a fast-moving environment, managing competing priorities without losing accuracy or rigor.
• Relevant certifications (such as CISA, CRISC, or equivalent) are a plus, but not a barrier to applying if you can demonstrate the capability.

Inclusion, Diversity & Belonging

No matter who you are, what you look like, who you love, or where you are from, you can find your place at Just Eat Takeaway.com. We’re committed to creating an inclusive culture, encouraging diversity of people and thinking, in which all employees feel they truly belong and can bring their most colourful selves to work every day.