Security Risk and Policy Lead

Thought Machine

London, UK
Posted on Monday, September 4, 2023
Thought Machine’s mission is bold – to properly and permanently rid the world’s banks of legacy technology. To achieve this, we have developed the foundations of modern banking and built core and payments technology which runs natively in the cloud. What we are attempting is hard and means we need great people working together to build great technology.
We have grown rapidly in the past few years – growing our team to more than 500 individuals across offices in London, New York, Singapore and Sydney. We have raised more than $500m in funding and are now valued at $2.7bn. Our investors include Molten Ventures, Eurazeo, Intesa Sanpaolo, Temasek, Nyca Partners, JPMorgan Chase, Standard Chartered, and more. 
We have created a culture enabling our team to produce the best work in the industry, ensuring we have fun along the way. We're regularly cited as having a fantastic workplace culture and have been recognised by Sifted magazine as having one of the highest Glassdoor ratings for a UK fintech company and the most generous employee share package in the industry. We've been named AltFi's B2B Fintech of the Year, placed in the FinTech50, and named one of Europe’s fastest-growing companies by the Financial Times in 2023.
Thought Machine’s Security Risk and Policy team focuses on building the company’s security risk assessment, collaborating on the design of controls and capabilities to mitigate risks to acceptable levels, managing our security and business continuity certifications, and maintaining a program of continuous improvement that puts us at the forefront of industry good practices. This focus is driven by four principles:
  • Risk Quantification: We believe that quantification and measurement are critical to providing the company with evidence-based recommendations for risk mitigation and prioritisation.
  • Collaborative Development: We believe in collaboration with every team across the company to build security that mitigates identified risks in ways that support Thought Machine’s ways of working and solving hard problems.
  • Demonstrated Commitment: Managing and maintaining security certifications that showcase our dedication to security and demonstrate our credentials.
  • Continuous Improvement: Monitoring and nurturing the evolution and operation of our Information Security Management System so that we remain at the forefront of industry best practices, evolve as threats evolve, and build world-class technologies.
Duties
  • Lead the process of obtaining, renewing, and maintaining Thought Machine's certifications, including ISO27001, ISO22301, PCI-DSS, and SOC2.
  • Maintain security risk assessments focusing on risk quantification and FAIR, ensuring that potential threats are identified, quantified, and addressed promptly.
  • Participate in and collaborate on the design of controls, technical capabilities, and procedures to mitigate security risks to acceptable levels.
  • Oversee the creation, maintenance, and updating of all security-related policies and documentation, ensuring that they are current and reflect industry best practices.
  • Oversee business continuity and operational resilience design, guaranteeing that the company can weather unforeseen events without major disruptions.
  • Assist the commercial team by providing expert insights and answers to security-related queries from clients and prospects, instilling confidence in our security positioning.
  • Collaborate with the Head of Security in drafting the department's strategy and security roadmap that align with risk assessments and business goals.
  • Direct and mentor the Security Risk & Policy team on team initiatives and work efforts.