Chief Information Security Officer (CISO)

Ripjar specialises in the development of software and data products that help governments and organisations combat serious financial crime. Our technology is used to identify criminal activity such as money laundering and terrorist financing, enabling organisations to enforce sanctions at scale to help combat rogue entities and state actors.

As Chief Information Security Officer (CISO), you will be responsible for developing and executing our cyber risk strategy, driving alignment with international frameworks such as ISO27001, SOC2, DORA and regional frameworks like Cyber Essentials, and leading executive team engagement on security governance, regulatory readiness, and organisational resilience. You will be responsible for monitoring and improving the information security of Ripjar's technology infrastructure, products and services as we continue to scale.

This is a hands-on leadership role. You will be responsible not only for setting strategy, but also for directly executing core activities such as policy development, supporting audits and accreditations, incident response, and day-to-day security operations.

What you'll be doing:

• Strategic Security Leadership
  • Set the organisation-wide security vision and roadmap; act as security evangelist at the executive level.
  • Maintain and evolve our security and compliance posture to support international expansion and customer growth.
  • Manage and own the Information Security budget, investments, and ROI.
• Governance, Risk, and Compliance
  • Maintain compliance with ISO27001, SOC2, Cyber Essentials and evolving DORA regulations.
  • Lead internal risk assessments, security audits, and regulatory readiness efforts.
  • Oversee third-party and supply chain security due diligence and assurance processes.
• Operational Security & Infrastructure
  • Partner with infrastructure and engineering teams to drive secure architecture, code, and systems.
  • Identify vulnerabilities and lead remediation in hybrid environments (AWS, private cloud).
  • Ensure security principles are implemented and continuously improved.
• Culture, Education, and Awareness
  • Embed a security-first culture across the business through education, training, and policy.
  • Support the commercial team in client conversations and security due diligence including contributing actively to RFI/RFP processes.
  • Act as the point of contact for external audits, client reviews, and incident communications.

About You:

We're looking for a security leader who blends deep technical acumen with strong strategic and business leadership. You will take a pragmatic approach to information security and its practical application to our organisation as it scales.

Ideally, you will have:

• Proven leadership in high-growth scale-up environments.
• Expertise in ISO27001, SOC2, NIST CSF, Cyber Essentials, and DORA.
• Experience with modern cloud infrastructure and security (AWS, Azure, GCP, PaaS/IaaS/SaaS).
• Familiarity with IAM, DLP, and Linux-based environments.
• Strong understanding of security architecture, governance, and regulatory trends.
• Professional certifications such as CISSP, CISM, or CRISC (preferred).
• Exceptional communication skills to engage senior internal and external stakeholders.
• High level of integrity, resilience, and executive presence.

Key tasks:

• Developing, implementing and maintaining IT information security strategies, policies and procedures for the organisation in line with security frameworks.
• Author, review, and maintain IT security policies and procedures to support compliance and security goals.
• Maintain awareness of the latest cybersecurity threats, trends, and compliance requirements to continuously improve the security framework.
• Identifying and acting on opportunities to improve and update software and systems.
• Conduct risk assessments and information security audits to ensure compliance with regulatory standards and best practices, including SOC2.
• Managing and reporting on the allocation of Information Security budget.
• Perform due diligence and assurance for supply chain security, assessing suppliers/third-party risks and compliance.
• Act as the main point of contact for external security audits.
• Support the commercial organisation by contributing to client security questionnaires.
• In conjunction with our operational product infrastructure team, assess and monitor current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement.
• Educate the business on Information Security best practices and ensure training and internal standards are sufficient.

Requirements

The successful candidate should have these skills: We recognise that demonstrable skills in all these technologies is not easy to find. Don't let that stop you from applying! We can work in partnership to identify your strengths and provide you with the training necessary to fill any gaps.

Benefits

Why we think you'll enjoy it here:

• Salary up to 140k DOE
• 25 days annual leave + your birthday off, rising to 30 days after 5 years of service
• Fully remote working with occasional travel
• Life assurance
• Private Family Healthcare
• Employee Assistance Programme
• Company contributions to your pension
• Enhanced maternity/paternity pay
• The latest tech including a top of the range MacBook Pro
• Offices equipped with well-stocked pantries with food, snacks and drinks when in the office