Senior Business Information Security Specialist

The InfoSec team at JET is scaling its security partnership and vendor assurance capability across a complex, cloud-native environment spanning multiple markets. As Security Business Partner, you will own the day-to-day delivery of vendor security reviews and shift-left security practices within engineering and product teams. You will work closely with the Security Business Partner function to embed security thinking early and give JET confidence in its third party supply chain. Based in the UK, this is a hands on, high impact individual role.

• Execute vendor security assessments by collecting, analysing, and documenting supplier control evidence, audit reports, and risk findings against defined frameworks including ISO 27001 and NIST CSF.
• Identify and document third party security risks, recommending proportionate risk treatment options aligned to JET's risk appetite.
• Support threat modelling, secure design reviews, risk remediation recommendations and early stage risk assessments alongside engineering teams as part of the secure development lifecycle.
• Translate security findings into clear, business aligned risk language for product and stakeholders, reducing reliance on technical jargon.
• Maintain accurate risk registers, vendor assessment records, and reporting inputs that feed into executive level risk dashboards.
• Build working relationships with business and technology teams across multiple markets, acting as a visible and trusted point of contact for security guidance.

• Demonstrated ability to execute security risk assessments and vendor reviews end to end, including evidence collection, gap analysis, and documented findings.
• Working knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls applied in a product or engineering context.
• Ability to communicate security risk clearly to both technical and non technical audiences, without defaulting to jargon or compliance speak.
• Familiarity with GRC concepts including risk management, controls design, and third party assurance, gained through hands on practice rather than solely policy work.
• Comfort working across multiple teams and geographies in a fast moving environment, managing competing priorities without losing accuracy or rigour.
• Relevant certifications (such as CISA, CRISC, or equivalent) are a plus, but not a barrier to applying if you can demonstrate the capability.