Head of Information Security

Hybrid, Full Time, posted November 12

Job Description:

Our future Head of Information Security is expected to lead our security architecture and operations, ensuring that systems, data, and processes are secure and resilient to both internal and external threats, and that our people and clients are protected from security risks.

This role will also focus on educating our teams on best security practices and building a culture of security awareness throughout the organisation.
The ideal candidate will have previous experience as a CSO, CIO, CISO, or Head of Security, particularly in the GovTech, FinTech, or RegTech industries.

Additional information: The Head of Information Security reports directly to the Chief Executive Officer.


Job Responsibilities: 

  • Security Strategy Development:

    • Design and implement a comprehensive security strategy that aligns with business objectives and addresses both digital and physical security risks.

    • Collaborate with senior leadership to assess and prioritise security initiatives in line with business goals and operational needs.

    • Create a proactive and sustainable security framework that is adaptable to the fast-paced nature of a rapidly growing scale-up organisation.

  • Cybersecurity Oversight:

    • Lead the development and maintenance of cybersecurity policies, procedures, and standards to protect the company's data and systems.

    • Oversee the implementation of advanced security technologies, tools, and protocols to mitigate cyber risks, including firewalls, intrusion detection systems, and endpoint protection.

    • Work closely with the CTO organisation and NOC teams to ensure network and system security, implement access control measures, and safeguard company assets.

  • Risk Management:

    • Identify, assess, and prioritise potential security threats, vulnerabilities, and risks to the organisation’s information, personnel, and physical assets.

    • Develop and implement risk mitigation strategies to minimise the impact of security incidents, breaches, or other crises.

    • Conduct regular security audits, vulnerability assessments, and penetration testing to ensure security integrity across the company’s infrastructure.

  • Incident Response & Crisis Management:

    • Develop and manage the company’s incident response plan, ensuring quick and effective responses to security breaches or crises.

    • Lead and coordinate the investigation of security incidents and breaches, providing detailed reports and recommendations for remediation.

    • Act as the primary contact for any security-related crisis, coordinating with law enforcement, external agencies, or third-party providers when necessary.

  • Physical Security:

    • Oversee the physical security of company facilities, ensuring proper measures are in place to protect employees, equipment, and intellectual property.

    • Implement access control systems, surveillance, and other physical security protocols to safeguard company offices and data centres.

    • Work with facilities management to ensure that all physical security measures meet industry standards and legal regulations.

  • Compliance & Regulatory Oversight:

    • Ensure compliance with relevant security-related regulations and standards (e.g., GDPR, CCPA, SOC 2, ISO/IEC 27001).

    • Liaise with the Finance & Operations and Legal, Risk & Compliance divisions to ensure that security policies meet all necessary regulatory requirements.

    • Prepare the organisation for security audits, providing documentation and evidence of compliance where needed.

  • Cross-Functional Collaboration:

    • Collaborate closely with the CTO within the Technology Division to align security protocols with the company's technological infrastructure.

    • Ensure security considerations are integrated into Product Vision & Strategy, Delivery, Technology Management, and overall IT strategies.

    • Regularly review security architecture and recommend improvements based on emerging technologies or evolving threat landscapes.

    • Collaborate with People Ops to implement onboarding and ongoing training programmes focused on cybersecurity and data privacy for every team member of the company.

Required Qualifications: 

  • Master’s degree in Cybersecurity, Information Technology, or a related field.

  • 10+ years of experience in security management, with at least 5 years in a senior leadership role overseeing both cybersecurity and physical security.

  • Deep knowledge of cybersecurity frameworks, tools, and technologies, including network security, encryption, threat modelling/detection, and incident response.

  • Proven knowledge of the software development lifecycle and familiarity with SAST/DAST tooling.

  • Proven experience managing physical security protocols, including access controls, surveillance systems, and security for physical assets.

  • Excellent understanding of risk management principles, regulatory compliance, and security auditing processes, including international frameworks (e.g., GDPR, SOC 2, ISO/IEC 27001).

  • Ability to establish cooperation with the National AM CERT/CSIRT and similar international teams and organisations.

  • Strong leadership skills with experience in building and managing security teams, as well as working cross-functionally with other departments.

  • Demonstrated ability to lead incident response and crisis management efforts, with strong problem-solving skills under pressure.

  • Excellent communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.

  • Relevant certifications in the field (CISSP, CISM, or CISA) are nice to have.

Recruitment Process:

  • HR Introductory Interview – 30 mins, online.

  • Tech Interview with the CTO – up to 1 hour, in person.