About Lendable
Lendable is on a mission to build the world's best technology to help people get credit and save money. We're building one of the world’s leading fintech companies and are off to a strong start:
One of the UK’s newest unicorns with a team of just over 600 people
Among the fastest-growing tech companies in the UK
Profitable since 2017
Backed by top investors including Balderton Capital and Goldman Sachs
Loved by customers with the best reviews in the market (4.9 across 10,000s of reviews on Trustpilot)
So far, we’ve rebuilt the Big Three consumer finance products from scratch: loans, credit cards and car finance. We get money into our customers’ hands in minutes instead of days.
We’re growing fast, and there’s a lot more to do: we’re going after the two biggest Western markets (UK and US) where trillions worth of financial products are held by big banks with dated systems and painful processes.
Join us if you want to
Take ownership across a broad remit. You are trusted to make decisions that drive a material impact on the direction and success of Lendable from day 1
Work in small teams of exceptional people, who are relentlessly resourceful to solve problems and find smarter solutions than the status quo
Build the best technology in-house, using new data sources, machine learning and AI to make machines do the heavy lifting
About the role
We are looking for a Governance, Risk, and Compliance Specialist to join our InfoSec team and help secure our growing platform and products.
This role requires an analyst who has experience working on certifications such as ISO 27001 and SOC 2. You’ll work closely with colleagues in the InfoSec team, along with IT, DevOps, Product and Engineering teams.
Additionally, we are looking for someone who can bridge the gap between development teams and security governance, ensuring we maintain a high standard of security, operational resilience, and regulatory compliance as we scale.
You will be instrumental in the execution of our security strategy, directly contributing to our GRC, audit, and policy functions.
What you’ll be doing
This role primarily covers GRC functions, including certifications, internal and external audit, and helping to improve the security posture of the organisation.
Governance, Risk, & Compliance (GRC)
Vendor Security Reviews: Execute vendor security assessments and due diligence reviews for new and existing third-party suppliers, maintaining required documentation for the Vendor Governance Forum.
Certification Support: Assist the team in achieving and maintaining compliance with key regulatory and industry frameworks, including GDPR, ISO 27001, SOC 2, and PCI DSS, by gathering evidence and documenting controls.
External Audit Management: Liaise with external auditors and project manage our annual audits, being a primary point of contact for auditors and internal stakeholders.
Policy & Standards: Help translate high-level security policies into practical, actionable security standards and control requirements for engineering teams.
Risk Reporting: Document and track identified risks from AppSec, vendor reviews, and operations, ensuring they are accurately captured and reported.
Security Training: Support the delivery of security awareness and training programs tailored for technical and non-technical staff.
What we're looking for
Experience & Skills
Proven experience as a GRC Specialist, Security Analyst, or similar role
Practical experience in conducting vendor security assessments and performing technical due diligence on third parties
Excellent knowledge of common security frameworks and regulations (e.g., ISO 27001, SOC 2, PCI DSS), with experience supporting audit processes
Experience working with external auditors
Awareness or practical experience with AI-powered security tooling (e.g., AI-driven monitoring, generative AI for code review, or AI defense mechanisms)
Excellent communication skills, capable of explaining complex security concepts to both technical and non-technical audiences
Desirable
Experience leading certification processes
Experience automating compliance and audit tasks
Relevant certifications (e.g., CISSP, CGRC, ISO 27001 Lead Implementer, etc)
Experience working in FinTech or a regulated environment
Experience working in organisations that utilise modern cloud environments (AWS, GCP, or Azure) and container orchestration technologies (e.g., Kubernetes)
Interview process
Intro Call with People Team: A brief conversation to get to know you and your background
Call with VP of Technology: A deeper dive into your experience and how it aligns with our vision
Technical and Cultural Interview: A deeper session where you’ll meet with several team members and stakeholders to discuss your motivations and expertise, and your approach to delivery and collaboration
Life at Lendable
The opportunity to scale up one of the world’s most successful fintech companies.
Best-in-class compensation, including equity.
You can work from home every Monday and Friday if you wish - on the other days, those based in the UK come together IRL at our Shoreditch office in London to be together, build and exchange ideas.
Enjoy a fully stocked kitchen with everything you need to whip up breakfast, lunch, snacks, and drinks in the office every Tuesday-Thursday.
We care for our Lendies’ well-being both physically and mentally, so we offer coverage when it comes to private health insurance
We're an equal-opportunity employer and are looking to make Lendable the most inclusive and open workspace in London
Check out our blog!