InfoSec Lead

About Malted

Malted builds specialised intelligence for financial institutions. Our products combine advanced language technology with deep domain understanding to help firms make faster, more accurate and more accountable decisions.

We focus entirely on financial services, working with leading banks, insurers and regulators to turn complex reasoning into clear, dependable intelligence.

Our flagship product, Malted Pulse, provides AI that reasons transparently and can be inspected, governed and tuned to organisational policy.

We’re a small, highly technical team based in Edinburgh, combining deep machine learning experience with a rigorous approach to product design and engineering. We believe that making AI systems understandable isn’t just an ethical necessity; it’s a competitive advantage.

About the team

You’ll join the Pulse product team, responsible for building and evolving the systems that power Malted Pulse. The team designs and operates the distributed infrastructure that enables our customers to deploy reasoning agents at scale, with reliability, traceability and performance at the core.

You’ll work closely with our machine learning and frontend engineers to turn advanced capability into robust, maintainable systems.

What you’ll do

You will define and execute the security roadmap for Malted. You’ll work closely with the engineering team to ensure our infrastructure is "secure by design" and with the leadership team to ensure we meet the rigorous security standards expected by our enterprise financial clients.

Responsibilities
  • Own the ISMS: Lead the maintenance of our ISO 27001 certification and spearhead the upcoming SOC 2 Type 1 and Type 2 audit processes.

  • Technical Implementation: Be the "boots on the ground" for security. Implement and manage security controls across our cloud environments (AWS/Azure) and internal IT systems.

  • Endpoint & IT Security: Manage our fleet security via MDM (e.g., JumpCloud), ensuring robust encryption, patching, and access control across all company devices.

  • Cloud & Infrastructure Security: Work with engineers to harden our Kubernetes/container environments, manage IAM policies, and oversee vulnerability scanning and remediation.

  • Identity & Access Management: Own the lifecycle of user access, from onboarding and MFA enforcement to regular access reviews.

  • Vendor & Risk Management: Evaluate the security posture of our supply chain and conduct internal risk assessments.

  • Incident Response: Develop and maintain our incident response plan, leading the charge if a security event occurs.

  • Security Culture: Conduct security awareness training and act as the internal expert for all things privacy and security.

Who you are

We’re looking for a security leader who thrives in the "zero-to-one" phase of a startup. You are pragmatic and understand that security should enable the business, not block it. You are as comfortable talking to an external auditor as you are debugging a CloudTrail log.

Minimum requirements
  • Eligible to work in the UK

  • At least 4 years of experience in information security, with a strong background in both compliance and technical security engineering.

  • Solid understanding of networking, encryption, and web security fundamentals.

  • Ability to thrive in a fast-paced startup where you need to be self-directed and highly indexed on execution.

Preferred requirements
  • Proven track record of managing ISO 27001 and successfully delivering SOC 2 audits (ideally in a startup environment).

  • Hands-on experience with cloud security (AWS, GCP, or Azure) and infrastructure-as-code (Terraform).

  • Deep understanding of endpoint management and modern IT security tools (MDM, EDR, SSO).

  • Experience in the Financial Services or FinTech sector, understanding the specific regulatory hurdles (e.g., DORA).

  • Professional certifications such as CISSP, CISM, or AWS/GCP Security Specialist.

  • Scripting proficiency (Python or Bash) to automate security checks and reporting.

  • Experience securing AI/ML pipelines or handling large-scale sensitive datasets.

Working at Malted

We’re based in Edinburgh and work from the office three days a week (Monday, Wednesday and Friday). The rest of the week is work from home. We keep a high bar for technical quality but a low tolerance for ego. You’ll join a team that values precision, humour and intellectual honesty.

Benefits

  • Competitive salary

  • Pension and stock options

  • Medical and life insurance

  • Hybrid working and ad-hoc flexibility

  • The chance to work on one-of-a-kind products at the forefront of the AI industry

  • Professional development and growth opportunities

  • A collaborative, inclusive workplace that promotes innovation and teamwork

  • Free snacks and drinks

  • Social events and company outings

  • Relocation assistance for candidates moving to Edinburgh


Malted is an equal opportunities employer and we welcome applications from people of all backgrounds.

We are not working with recruitment agencies on this role – we are keen to hear directly from candidates who are excited about what we’re building at Malted.

Location

Edinburgh

Job type

Full time

Team

Engineering

© 2025 Malted AI

Privacy Policy

Site by Touch
