Information Security & Risk Management Lead

Information Security & Risk Management Lead

A rare chance to join as the first full-time, dedicated Information Security and Risk Management related hire at a venture capital funded, ex-Uber, WeWork and Amazon team providing an AI-powered and data-driven SaaS product to employees at large enterprises globally.

You will have a high level of autonomy to operationalise and further develop our posture, with the chance to build relationships with relevant teams at enterprise customers worldwide (e.g. Deloitte, Legal & General, Miro).

A varied role with the chance to build on the fundamentals of our ISO 27001 compliance and across IT, information security, data protection and wider risk management.

ABOUT NATTER

Natter exists to give everyone a voice at work by leveraging the power of AI & video.

Built by a team of ex-Uber, WeWork and Amazon builders, Natter has selectively hired a team of exited founders, specialist domain experts and SaaS unicorn founding team members. They are now looking for their first Information Security & Risk Management Lead.

Natter is already being used by some of the world’s largest companies, ranging from big four consultancies like Deloitte, institutional financial services providers like Legal and General, to technology innovators like Miro.

Natter’s conversational AI platform allows tens of thousands of users to simultaneously share ideas and feedback through real-time video conversations. Its uniquely scalable tech allows anyone with a smartphone to, literally, have a say on the most important decisions – ranging from workplace strategy to new product offerings.

Information Security & Risk Management Lead Responsibilities

As our Information Security & Risk Management Lead at Natter you will…

1. Have ownership of our information security and risk management policies and procedures, working to ensure these meet the risk-related expectations of enterprise customers (including, e.g. incident response, vulnerability management, vendor and asset management, system access and backup, business continuity and disaster recovery).
2. Lead efforts to build credibility with our customers’ information security, IT, legal, risk and data teams, including acting as the working level contact to complete their vendor assessment exercises, negotiate and enact data processing or related agreements and address ongoing compliance check-ins.
3. Maintain and report on our compliance with our ISO 27001 certification, GDPR and any future AI-related legal or risk-related requirements, working cross-functionally and proactively to avoid policy and procedure-related non-conformities.
4. Manage our IT and other risk management policies (including e.g. physical security, data classification, retention and backup), adopting a pragmatic mindset that balances the need to identify, manage and escalate risk with our ambitious commercial objectives.
5. Collaborate with our Engineering and Product teams to put security and data protection at the forefront of how we design, build and maintain our products to stay in line with industry best practices and evolving customer expectations.
6. Lead efforts to upskill commercial-facing teams on specialist subject matter to ensure all our people understand and can communicate our posture to external parties effectively.
7. Work closely with senior leaders to further embed security and the appropriate evaluation of risk as part of Natter’s DNA.

We’d love to hear from you if you have…

1. 5+ years’ varied experience in information security, data protection, risk management, enterprise IT, legal or (relevant) compliance roles.
2. Hands-on experience building credibility with external stakeholders, including enterprise clients, critical system vendors, certification auditors and regulatory bodies.
3. Proven experience shepherding a B2B SaaS product with the potential to capture special category data through enterprise-grade vendor assessment exercises and data processing-related legal negotiations.
4. A high level of understanding and experience in how to maintain IT, security, monitoring and logging tools and continuous compliance platforms.
5. Excellent verbal and written communication skills, with the ability to explain sometimes complex concepts to non-specialist stakeholders.
6. A proactive and solution-oriented mindset, with a strong attention to detail.
7. Given the variety of this role (spanning both operational policy and more technical procedure), those with an intellectually curious mindset who can adapt under pressure and use limited resources effectively are likely to succeed. Whilst experience working at an early stage start-up is not necessarily required, tangible experience operating in fast-paced, sometimes fluid working environment requiring proactivity, accountability and pragmatism is highly desirable.

️ Quarterly international team offsite
Company laptop and supporting tech as necessary
Mindfulness/meditation sessions for all employees
Complimentary daily breakfast and weekly lunch provided In office
Dedicated, private office space in Soho, London

HOW TO APPLY

The application journey has 4 key steps. Our interview process involves four main stages after an informal recruiter call:

1. 30 min screening interview
2. Interview with James Stevens (COO)
3. Interview with Chief of Staff and Operations Lead
4. Final stage in-person meet with founding team

This process should take around 3-4 weeks – your schedule is really important to us, so we promise to be as flexible as possible!

You will have the chance to speak to our recruitment team at various points during your process but if you do have any specific questions or want to talk through reasonable adjustments ahead of or during application please us at any point on

Please also use that email to let us know if there’s anything we can do to make your application process easier for you, because of disability, neurodiversity or any other personal reason.

#J-18808-Ljbffr