Engineer the Quantum RevolutionYour expertise can help us shape the future of quantum computing at Oxford Ionics.

View Open Roles

Security Engineer, Governance, Risk and Compliance

Duffel
Greater London
1 month ago
Applications closed

Related Jobs

View all jobs

Security Consultant

Security Consultant

Principal Security Engineer

Principal Security Engineer

Senior Cyber Security Analyst

Senior Cloud Security Engineer

Security Engineer, Governance, Risk and ComplianceCreate the future of travel with usWhether it’s to visit the people closest to us, starting an exciting adventure, or a career-defining business trip, travel is an essential part of our lives. Yet we've all experienced the aches and pains of getting to our destination. Today, more than 4 billion airline passengers rely on technology that hasn't kept up with the expectations of the modern connected traveller.That’s why we’ve started to rebuild the infrastructure that underpins the travel industry. We’re on a mission to unravel travel — simplifying systems and building the tools that will make the future of travel effortless. Central to this mission is ensuring seamless, secure, and reliable payment experiences, which are crucial for every transaction and a cornerstone of trust in our platform.We were part of Y Combinator S18's cohort and we are backed by Benchmark, Blossom, Index Ventures, and Kima Ventures. A fantastic set of investors that has helped build some of the world's largest companies.Our team in London is growing, and we’re looking for talented people to join us on our journey.Foundations at DuffelThe Foundations team is responsible for the reliability, performance, resilience and security of our infrastructure and applications. The team is working closely with our various engineering teams to understand their needs and help meet the demands of our platform as we scale globally.What you’ll doAs a Security Engineer on our Foundations team, you will play a crucial role in establishing and maintaining a robust security governance framework. Your work will be instrumental in ensuring the organisation's compliance with industry standards and regulations, safeguarding our data and systems and building trust with key partners. You will contribute to fostering a culture of security awareness and operational excellence, directly impacting the company's ability to achieve its ambitious goals.Spearhead the development of Duffel's Information Security Management System (ISMS) and guide the organisation through SOC 2 certifications.Implement and continuously improve security policies and technical controls, ensuring alignment with industry best practices and operational excellence.Monitor and maintain compliance with regulations, third-party requirements, and internal security policies, identifying and proactively addressing potential gaps.Partner with Engineering, Product, and Legal to implement robust data governance solutions, encompassing data labelling, access control, audit trails, de-identification, and data lifecycle management.Develop and execute internal audit programs, and effectively respond to external audits and due diligence requests.Leverage your technical knowledge to define risk management plans, secure vendor solutions and meet third party requirements.Actively contribute to Duffel’s security awareness program, fostering a strong security culture throughout the organisation.Manage Vendor Security Assessment operations and drive continuous improvement of these processes.Support the implementation and enhancement of Incident Management and Vulnerability Management policies.Partner with our Legal team to ensure security practices align with legal and regulatory requirements, particularly concerning data privacy and protection.What we're looking for in you:Strong software and cybersecurity technical background, including experiences with major cloud platforms.Demonstrated experience developing and implementing security policies, standards, and procedures.Solid understanding of risk management frameworks, and industry-specific compliance requirements (, PCI, SOC 2, GDPR).Experience with external audits and leading certification processes.Opinions on what good security standards and processes look like as we define ours at Duffel.Big-picture thinking – you can make trade-offs on technical work streams against business impact.Fantastic communication skills. You're able to articulate what you're working on and why to the team in a clear and structured way.You thrive in a collaborative environment. You believe in your own methods but keep an open mind, taking suggestions and feedback onboard as well.Bonus points if you have:Experience guiding an organisation through PCI-DSS certification.Experience in travel, flights, hotels, or cars.What you can expect from us:We're dedicated to your personal growth. Our environment is comfortable both physically and in that our ears are always open to any ideas, concerns, and questions. We believe that everyone should have pride in their work, taking full ownership of it and its impact. That's why everyone who joins Duffel owns a share of the company.We are an equal opportunities employer. We believe that the key to our success is employing a diverse team; that's why recruitment decisions are only based on your experience and skills. We value your ability to problem solve and build amazing things, so we welcome applications from everyone – regardless of age, sex, disability, sexual orientation, race, religion, or belief.

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Seasonal Hiring Peaks for Cybersecurity Jobs: The Best Months to Apply & Why

The UK's cybersecurity sector has emerged as one of the most critical and lucrative technology markets, with roles spanning from security analysts to penetration testers and chief information security officers. With cybersecurity positions commanding salaries from £28,000 for junior security analysts to £140,000+ for senior security architects, understanding when organisations actively recruit can dramatically impact your career trajectory in this essential field. Unlike traditional IT sectors, cybersecurity hiring follows distinct patterns influenced by threat landscapes, regulatory compliance cycles, and incident response requirements. The sector's unique combination of perpetual threat evolution, regulatory pressures, and skills shortages creates predictable hiring windows that strategic professionals can leverage to advance their careers in protecting Britain's digital infrastructure. This comprehensive guide explores the optimal timing for cybersecurity job applications in the UK, examining how cyber threat cycles, compliance deadlines, and government initiatives influence recruitment patterns, and why strategic timing can determine whether you join a cutting-edge security consultancy or miss the opportunity to defend against tomorrow's cyber threats.

Pre-Employment Checks for Cyber Security Jobs: DBS, References & Right-to-Work and more Explained

The cyber security sector in the UK stands at the forefront of protecting national infrastructure, business operations, and personal data from increasingly sophisticated cyber threats. As organisations across all sectors recognise cyber security as a critical business function, employers are implementing the most rigorous pre-employment screening processes in the technology industry to ensure they recruit professionals capable of defending against advanced persistent threats and maintaining the highest standards of security and trustworthiness. Whether you're a penetration tester, security analyst, incident response specialist, or chief information security officer, understanding the comprehensive vetting requirements is essential for successfully advancing your career in this security-critical field. This detailed guide explores the extensive background checks and screening processes you'll encounter when applying for cyber security positions in the UK, from fundamental eligibility verification to the most stringent security clearance requirements and specialised threat intelligence assessments.

Why Now Is the Perfect Time to Launch Your Career in Cyber Security: The UK's Digital Defence Revolution

The United Kingdom faces an unprecedented cyber security challenge that presents an extraordinary career opportunity. With cyber attacks increasing by 300% year-on-year and the average cost of a data breach reaching £4.24 million, Britain urgently needs skilled cyber security professionals to defend its digital infrastructure, protect citizens' data, and maintain national security in an increasingly connected world. If you've been considering a career change or seeking to future-proof your professional trajectory, cyber security represents one of the most secure, well-compensated, and socially impactful career choices available. The convergence of escalating threats, skills shortage, government investment, and regulatory requirements has created a perfect storm of opportunity that shows no signs of abating.