At a Glance
- Tasks: Lead security governance, ensuring compliance and operational excellence in a tech-driven environment.
- Company: Join a forward-thinking company dedicated to protecting millions of customers with innovative security solutions.
- Benefits: Enjoy a competitive salary, flexible working arrangements, and opportunities for professional growth.
- Other info: Fast-paced environment with a focus on inclusion and diversity.
- Why this job: Make a real impact on security governance while collaborating with talented teams in a dynamic setting.
- Qualifications: Experience in Information Security GRC and knowledge of NIST CSF and ISO27001 frameworks required.
The predicted salary is between 60000 - 80000 £ per year.
- Position: Operational Governance Lead Department: Info
- Sec
Location: London - 3 days on-site Full Time About this role JET’s Information Security organisation protects a technology‑led, cloud‑native platform serving millions of customers across multiple markets.
Our Security Governance function sets the standards that keep a large, cloud‑native technology organisation secure and compliant.
Responsibilities Maintain and operationalise JET’s security governance documentation, policies, standards, and control models keeping them aligned to JET’s risk appetite and frameworks, including NIST CSF and ISO27001.
Run governance forums and working groups, ensuring decisions are documented, tracked, and communicated to engineering, risk, and compliance stakeholders in a timely way.
Coordinate evidence gathering and control validation across L1 and L2, supporting audit cycles and maintaining a clear, accountable control registry.
Draft and refine technical security standards for cloud platforms (AWS/GCP), CI/CD pipelines, and third‑party integrations, working with Engineering Leads to embed these into delivery workflows.
Track exceptions and remediation plans with technical owners, escalating risks where needed and maintaining visibility across the Three Lines of Defence.
Build and maintain KPI/KRI dashboards that provide stakeholders with clear, accurate visibility of control health and compliance posture.
Qualifications Solid hands‑on experience in Information Security GRC within a technology‑led or cloud‑first organisation, with a track record of keeping governance frameworks operational at pace.
Working knowledge of security control frameworks (NIST CSF, ISO27001) and how they apply to modern engineering environments including cloud infrastructure, microservices, and Dev Ops.
Proven ability to coordinate across the Three Lines of Defence translating audit and compliance requirements into clear, actionable tasks for engineering teams without creating unnecessary friction.
Clear communicator who can explain governance requirements and control expectations to both technical engineers and non‑technical risk or business stakeholders.
Organised and delivery‑focused, with the ability to manage multiple governance workstreams, track remediation through to closure, and keep processes running in a fast‑moving organisation.
Data‑driven approach to compliance tracking, comfortable building dashboards, spotting trends in control data, and surfacing the right information to support leadership decisions.
Inclusion, Diversity