Who are we?
Hi! 👋 We are Ravelin! We're a fraud detection company using advanced machine learning and network analysis technology to solve big problems. Our goal is to make online transactions safer and help our clients feel confident serving their customers.
And we have fun in the meantime! We are a friendly bunch and pride ourselves on having a strong culture and adhering to our values of empathy, ambition, unity and integrity. We really value work/life balance and we embrace a flat hierarchy structure company-wide. Join us and you’ll learn fast about cutting-edge tech and work with some of the brightest and nicest people around - check out our Glassdoor reviews.
If this sounds like your cup of tea, we would love to hear from you! For more information, check out our blog to see if you would like to help us prevent crime and protect the world's biggest online businesses.
Our data is a crucial part of our success and of great importance to our clients, our partners and our team. This is why we are currently looking for someone to help evolve the security function as Ravelin grows. As part of the security team, you will be highly technical, fully hands-on, interested in all areas of information security and willing to switch communication between technical and non-technical audiences.
To be successful in this role, you have to be a practical and pragmatic person with security sensibility who knows the difference between implementing an ineffective policy, and something difficult that is worth the additional friction.
- Be a core member of the InfoSec team
- Providing expertise in compliance programmes for regulatory and compliance frameworks such as PCI DSS/PSD2/27001
- Creating, reviewing and maintaining security policy, standards and procedures
- Coordinating internal and external reviews for security frameworks, e.g. PCI DSS
- Conducting annual reviews on currently on-boarded vendors
- Automate and improve security across the business
- Coordination of all ISMS and all associated documentation and materials to manage the Information Security audit and certification process (e.g. ISO-27001).
- Providing governance within our ISMS to ensure compliance, including:
  - driving progress against our Information Security objectives
  - managing various Information Security projects and initiatives
  - ownership of our Information Security risk management processes
  - providing relevant MI to senior management and reporting regularly about ongoing security efforts and initiatives
- Management and timely execution of all day-to-day security procedures (security incident management, information transfer etc.), allowing the business to operate efficiently in a secure manner
- Providing assurance to the security architecture and design patterns for all IT and Cloud systems deployed and used
- Providing subject matter expertise and a point of escalation for any requests for information from parties who have an interest in our ISMS
- Manage our supplier assurance process, including pre- and post-contract assessment of suppliers
- Co-ordinating security awareness and training activities across the organisation
- At least 4 years of experience in the Information Security field
- Very good understanding of PCI DSS, PSD2, GDPR and other compliance and regulatory frameworks
- Hands-on experience with mobile device management and endpoint protection technologies
- Understanding of information security and related principles
- Experience protecting organisations from known and emerging security threats (ransomware, DDoS, application vulnerabilities)
- Strong understanding of the zero-trust/BeyondCorp security model and techniques/technologies used to secure remote-first, cloud-native organisations
Nice to haves
- Hands-on pen testing experience