Head of Information Security

As the Head of Information Security, you’ll build and lead a modern security‑led function. This is a hands‑on role by design: you’ll shape and deliver security through code, automation, and pragmatic technical controls. You’ll work closely with the CTO and engineering team to embed security into how we build, ship, and operate our product ecosystem. You’re excited by AI‑driven security and continuous improvement. The responsibility Define, implement, and evolve information security strategy in line with business objectives, regulatory obligations, and risk appetite Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, SOC2 and NIST CSF Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations. Embed secure‑by‑design principles and DevSecOps practices across engineering and delivery teams. Use AI and automation to improve detection, prevention, and response Lead incident response and threat modelling with a practical, engineering‑first mindset Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively Oversee third‑party risk management, including supplier due diligence, onboarding, and continuous monitoring Oversee operational security activities, including threat detection, vulnerability management, and incident response Develop and maintain incident response playbooks and lead investigations where required Collaborate with our SOC and Systems teams to strengthen detection, response, and automation capabilities Define and maintain the information classification and handling standard. Ensure security controls for customer data, employee data and payment data are implemented and monitored Support client assurance and audit activities, providing evidence of our security posture. Mentor and develop members of the Information Security team You’ll bring Security certifications such as CISSP, CISM, or equivalent A strong working knowledge of cyber and information security standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR Experience leading cyber assurance or risk programmes at a strategic level Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organisation Sound judgement, strong written skills, and confidence operating in ambiguity Our offices are primed to engender a team atmosphere, with breakout spaces provided for you to enjoy time with your colleagues. In addition to a fantastic work environment, you can look forward to a vibrant social scene outside the workplace with events and activities held year round for everyone to enjoy! #J-18808-Ljbffr