National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Security Engineer, Governance, Risk and Compliance

Duffel
Greater London
1 month ago
Create job alert

Security Engineer, Governance, Risk and ComplianceCreate the future of travel with usWhether it’s to visit the people closest to us, starting an exciting adventure, or a career-defining business trip, travel is an essential part of our lives. Yet we've all experienced the aches and pains of getting to our destination. Today, more than 4 billion airline passengers rely on technology that hasn't kept up with the expectations of the modern connected traveller.That’s why we’ve started to rebuild the infrastructure that underpins the travel industry. We’re on a mission to unravel travel — simplifying systems and building the tools that will make the future of travel effortless.Central to this mission is ensuring seamless, secure, and reliable payment experiences, which are crucial for every transaction and a cornerstone of trust in our platform.We were part of Y Combinator S18's cohort and we are backed by Benchmark, Blossom, Index Ventures, and Kima Ventures. A fantastic set of investors that has helped build some of the world's largest companies.Our team in London is growing, and we’re looking for talented people to join us on our journey.Foundations at DuffelThe Foundations team is responsible for the reliability, performance, resilience and security of our infrastructure and applications. The team is working closely with our various engineering teams to understand their needs and help meet the demands of our platform as we scale globally.What you’ll doAs a Security Engineer on our Foundations team, you will play a crucial role in establishing and maintaining a robust security governance framework. Your work will be instrumental in ensuring the organisation's compliance with industry standards and regulations, safeguarding our data and systems and building trust with key partners. You will contribute to fostering a culture of security awareness and operational excellence, directly impacting the company's ability to achieve its ambitious goals.Spearhead the development of Duffel's Information Security Management System (ISMS) and guide the organisation through SOC 2 certifications.Implement and continuously improve security policies and technical controls, ensuring alignment with industry best practices and operational excellence.Monitor and maintain compliance with regulations, third-party requirements, and internal security policies, identifying and proactively addressing potential gaps.Partner with Engineering, Product, and Legal to implement robust data governance solutions, encompassing data labelling, access control, audit trails, de-identification, and data lifecycle management.Develop and execute internal audit programs, and effectively respond to external audits and due diligence requests.Leverage your technical knowledge to define risk management plans, secure vendor solutions and meet third party requirements.Actively contribute to Duffel’s security awareness program, fostering a strong security culture throughout the organisation.Manage Vendor Security Assessment operations and drive continuous improvement of these processes.Support the implementation and enhancement of Incident Management and Vulnerability Management policies.Partner with our Legal team to ensure security practices align with legal and regulatory requirements, particularly concerning data privacy and protection.What we're looking for in you:Strong software and cybersecurity technical background, including experiences with major cloud platforms.Demonstrated experience developing and implementing security policies, standards, and procedures.Solid understanding of risk management frameworks, and industry-specific compliance requirements (, PCI, SOC 2, GDPR).Experience with external audits and leading certification processes.Opinions on what good security standards and processes look like as we define ours at Duffel.Big-picture thinking – you can make trade-offs on technical work streams against business impact.Fantastic communication skills. You're able to articulate what you're working on and why to the team in a clear and structured way.You thrive in a collaborative environment. You believe in your own methods but keep an open mind, taking suggestions and feedback onboard as well.Bonus points if you have:Experience guiding an organisation through PCI-DSS certification.Experience in travel, flights, hotels, or cars.What you can expect from us:We're dedicated to your personal growth. Our environment is comfortable both physically and in that our ears are always open to any ideas, concerns, and questions. We believe that everyone should have pride in their work, taking full ownership of it and its impact. That's why everyone who joins Duffel owns a share of the company.We are an equal opportunities employer. We believe that the key to our success is employing a diverse team; that's why recruitment decisions are only based on your experience and skills. We value your ability to problem solve and build amazing things, so we welcome applications from everyone – regardless of age, sex, disability, sexual orientation, race, religion, or belief.

Related Jobs

View all jobs

Senior Security Engineer

Principal Security Engineer

OT Security Engineer - Offshore Wind

Principal Security Engineer (Risk Specialist)

Principal Security Engineer (Risk Specialist)

Principal Security Engineer (Risk Specialist)

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

10 Cyber Security Recruitment Agencies in the UK You Should Know (2025 Job‑Seeker Guide)

UK cyber security hiring remains resilient in 2025, driven by nation-state threats, cloud security investments, and NCSC regulatory pressures. Lightcast reports +42 % YoY growth in UK roles mentioning “SOC”, “cyber risk”, “offensive security” or “GRC”. Yet despite 30,000 active cyber professionals, monthly live vacancies remain in the 2,500–2,900 range. The result: strong demand across public and private sector. We reviewed 50 + consultancies and included only those that: Are registered in the UK (Companies House) Operate a dedicated Cyber Security / InfoSec / Risk & Compliance desk Posted at least 5 UK cyber security roles between March and June 2025 This guide includes 2025 salary ranges, key skills, interview prep tips, and a verified recruiter directory.

Cyber Security Jobs Skills Radar 2026: Emerging Frameworks, Tools & Certifications to Learn Now

Cyber threats are evolving—and so must the people defending against them. As ransomware, AI-enhanced phishing, and supply chain attacks grow more advanced, UK employers are urgently hiring cyber security professionals with the right mix of strategic and hands-on skills. Welcome to the Cyber Security Jobs Skills Radar 2026, your go-to guide for the most in-demand tools, frameworks, certifications, and technologies shaping the UK's cyber workforce. Whether you're a SOC analyst, penetration tester, or cloud security architect, this annual radar is designed to help you stay ahead of the market.

How to Find Hidden Cyber Security Jobs in the UK Using Professional Bodies like BCS, CIISec & More

The demand for skilled cyber security professionals in the UK has never been higher. With threats increasing in sophistication and frequency, organisations are urgently hiring ethical hackers, threat analysts, GRC specialists, and security architects. But many of the most valuable roles—particularly in government, defence, and critical infrastructure—are never publicly advertised. Instead, these jobs are shared behind the scenes through trusted networks, private communities, and professional bodies. In this article, we explore how to uncover hidden cyber security jobs in the UK using organisations like the BCS (The Chartered Institute for IT), CIISec (The Chartered Institute of Information Security), ISACA, and ISC² UK Chapter. We’ll show you how to use membership directories, special interest groups, CPD events and informal networks to gain early access to roles most people never see.