Security Lead

We're not your average benefits platform; we're the unordinary force that uplifts people's lives. Our technology is the link that connects the entire benefits ecosystem, creating better outcomes for employers, employees, brokers, and providers.

Our mission is clear: we're here to create a world where everything operates at its very best, ensuring that every employee receives the support they need to live life to the fullest, both at work and beyond.

You'll be Ben's Security Lead - owning security end-to-end across product, cloud infrastructure, internal systems, and trust/compliance. In the same week you might review a pull request, harden AWS IAM controls, and sit opposite a prospect's CISO explaining how Ben handles their data. You'll work closely with the CTO on priorities and direction, but day-to-day you're the one making the calls.

You won’t be starting from scratch. Ben is ISO 27001:2022 certified with established controls across product, AWS, and corporate IT. There's a solid foundation in place - this role is about strengthening it, making it scale, and making sure security’s part of the reason enterprise customers choose Ben.

If you like combining hands-on engineering with practical risk judgement and cross-functional influence - and you're comfortable being the person who owns the answer, this is the role for you

• Act as Ben’s security lead in enterprise customer and prospect conversations, questionnaires, due diligence calls, and trust centre content. Security is a reason customers choose Ben - you'll help keep it that way

• Own and improve Ben’s security controls across identity, endpoint, cloud infrastructure, product security, and corporate IT

• Lead monitoring, detection, incident response, and continuous improvement across the environment

• Maintain and mature our ISO 27001-certified ISMS, conducting risk assessments, vendor reviews, and policy/control maintenance to keep our control environment effective and audit-ready

• Embed secure-by-design into the development lifecycle - threat modelling, architecture reviews, secure code review, and CI/CD hardening

• Over time, lead a pragmatic SOC 2 implementation alongside the existing ISMS, and provide input on GenAI governance as Ben ships AI features in production

• Hands-on security experience in a SaaS, cloud-first, or product-led environment - you've probably been doing this for 4-6 years and are looking to own a security function for the first time

• Strong working knowledge of identity and access management in both corporate and product contexts. We work with Microsoft's security ecosystem a lot (Entra, Intune, Defender) - you'll need to be comfortable there or confident you can get up to speed quickly

• Experience securing AWS environments and embedding security into product development, through threat modelling, code review, and CI/CD controls

• Experience with endpoint and corporate security - you've worked with EDR, MDM, ZTNA, or similar tooling, even if not the specific stack we use

• Familiarity with compliance frameworks (ISO 27001 or SOC 2), and the ability to translate technical controls into audit-ready evidence

• Confidence in enterprise customer conversations - you can explain security clearly to technical and non-technical audiences

• Comfort with ambiguity and context-switching - you're happy owning the answer across a wide remit rather than specialising in one domain

We are organically growing a brilliantly diverse, inclusive and respectful bunch of people we are extremely proud of. This should go without saying but all applications are very much welcome. If you need any adjustments to support you with your application, just let us know by emailing jobs@thanksben.com. You can learn more about DEI at Ben here.