Then Just Eat Takeaway.We’re a leading global online delivery platform, and our vision is to empower everyday convenience.
Whether it’s a Friday-night feast, a post-gym poke bowl, or grabbing some groceries, our tech platform connects tens of millions of customers with hundreds of thousands of restaurant, grocery and convenience partners across the globe.
The InfoSec team at JET is scaling its security partnership and vendor assurance capability across a complex, cloud-native environment spanning multiple markets. As Security Business Partner, you will own the day-to-day delivery of vendor security reviews and shift-left security practices within engineering and product teams. You will work closely with the Security Business Partner function to embed security thinking early and give JET confidence in its third-party supply chain. Execute vendor security assessments by collecting, analysing, and documenting supplier control evidence, audit reports, and risk findings against defined frameworks including ISO 27001 and NIST CSF.
Identify and document third-party security risks, recommending proportionate risk treatment options aligned to JET's risk appetite.
Support threat modelling, secure design reviews, risk remediation recommendations and early-stage risk assessments alongside engineering teams as part of the secure development lifecycle.
Translate security findings into clear, business-aligned risk language for product and stakeholders, reducing reliance on technical jargon.
Maintain accurate risk registers, vendor assessment records, and reporting inputs that feed into executive-level risk dashboards.
Build working relationships with business and technology teams across multiple markets, acting as a visible and trusted point of contact for security guidance.
Demonstrated ability to execute security risk assessments and vendor reviews end-to-end, including evidence collection, gap analysis, and documented findings.
Working knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls applied in a product or engineering context.
Ability to communicate security risk clearly to both technical and non-technical audiences, without defaulting to jargon or compliance-speak.
Familiarity with GRC concepts including risk management, controls design, and third-party assurance, gained through hands-on practice rather than solely policy work.
Our teams forge connections internally and work with some of the best-known brands on the planet, giving us truly international impact in a dynamic environment.
They guide every interaction, every decision, every innovation. Fun, fast-paced and supportive, the JET culture is about movement, growth, helping one another to succeed and celebrating wins. By truly living our values and embodying our behaviours, we’re building a customer-first culture which enables us to stay one step ahead of the competition.
Inclusion, Diversity & Belonging
We’re committed to creating an inclusive culture, encouraging diversity of people and thinking, in which all employees feel they truly belong and can bring their most colourful selves to work every day.