Overview

We help companies get compensation right. What we get paid at work has a massive impact on our lives, and it is one of the biggest factors in hiring and retaining talent. Ravio provides a real-time data platform that brings compensation into the modern age with clarity and transparency. We are the European leader in this space, serving more than 1,200 clients, and we aim to become the global go-to place for compensation data and tools for managing compensation. Joining a startup and scaling it into a global product is challenging and rewarding. If that sounds exciting to you, you’re in the right place.

About the Role: We are seeking a proactive and commercially-minded Information Security & Compliance Manager to join our team. This is a mid-level individual contributor role suited for someone who thrives in a fast-paced environment, is comfortable wearing multiple hats, and is excited by both InfoSec and hands-on compliance operations.

This role will focus primarily on security, data privacy, compliance, and regulatory matters. You will play a key role in helping the business stay compliant with relevant laws and standards, including oversight of our SOC 2 compliance processes, while also helping to drive practical compliance solutions across the business. A background in Security Engineering is a big plus as it would enable you to own the end-to-end architecture and technical execution of our security controls and systems.

Key Responsibilities

• Operational Security & Security Architecture
• Drive strategic planning, execution, and operations of scalable, automated, and resilient security controls
• Contribute towards defining Ravio's security engineering strategy that addresses identity, endpoint, and data protection across all environments
• Design a global security architecture and support the security engineering roadmap (with a special focus on data security)
• Oversee security monitoring, vulnerability management, and incident response
• Coordinate tabletop exercises and incident response testing
• Own the relationship with security vendors

• Governance, Risk & Compliance (GRC)
• Lead or support internal compliance programs, with a focus on data privacy, corporate governance, and regulatory frameworks
• Manage the organization's compliance with frameworks and regulations (oversee SOC 2 Type II maintenance and readiness efforts)
• Conduct risk assessments and maintain the enterprise risk register
• Ensure third-party vendor risk management processes are in place

• Awareness & Training
• Develop and deliver security awareness programs
• Promote a culture of security and compliance across the organisation

• Audit & Reporting
• Prepare for and support internal and external audits
• Track compliance KPIs and report status to executive leadership
• Ensure timely remediation of audit findings

About You

Experience & Qualifications

• Strong working knowledge of global data privacy laws and compliance standards (e.g. GDPR, CCPA, SOC 2)
• Strong knowledge of security standards, controls, and best practices (NIST, CIS, OWASP)
• Familiarity with cloud security (AWS, Azure, GCP)
• Experience with audit management, GRC tools, and security monitoring solutions
• Excellent problem-solving, communication, and stakeholder management skills

• Skills & Traits
• You enjoy data privacy, compliance, and security operations and are happy to "roll up your sleeves" when needed
• Pragmatic, solutions-oriented, and business-savvy
• Excellent communication skills with the ability to influence across departments
• Highly organised and able to manage multiple projects simultaneously
• Comfortable working in a fast-moving, ambiguous, and collaborative environment
• Strong plus: a background in Security Engineering

Compensation & Benefits

• £75,000 - £95,000
• Company ownership (everyone gets a meaningful equity stake in Ravio)
• 37 days paid time off (25 days holiday + 4 wellness day + 8 public holidays)
• Up to 6% pension matching scheme
• £60 a month wellness allowance (Invest in your physical wellbeing, on us)
• £500 per year Learning and Development budget
• Private healthcare cover with AXA
• Personal travel insurance - just in case
• Income protection insurance (for full peace of mind in case you cannot work because of sickness or disability)
• 16 weeks fully paid birthing parent leave, followed by 4 weeks at 50% pay & 8 weeks for non-birthing parent

For more information about what we collect and how we use it when you apply for a role with us, please refer to our Candidate Privacy Notice.