Head of Information Security

Role title: Head of Information Security

Reports to: CTOO

Location: Hub Location

Hours of work: Full time, with 3 days per week in the office

SMCR Function: Certified

Purpose of role

As Head of Information Security you will define and drive the information security strategy across our financial services business. You will lead a team of security professionals to safeguard customer data, ensure compliance with regulatory frameworks, and build a culture of security awareness throughout the organisation. Your strategic vision and hands-on expertise will protect critical systems and support business growth.

Key Responsibilities

  • Develop and maintain the enterprise information security strategy aligned with business goals
  • Oversee security architecture, vulnerability management, incident response, and threat intelligence
  • Lead security risk assessments and manage remediation plans for identified gaps
  • Ensure compliance with financial regulations (e.g. GDPR, PCI DSS, SOX, FCA requirements)
  • Establish and enforce security policies, standards, and procedures
  • Report security posture, incidents, and key metrics to senior leadership and the board
  • Drive security awareness and training programmes for all employees
  • Manage relationships with external auditors, regulators, and security vendors
  • Mentor, hire, and retain high-performing information security talent

Experience / Skills Required

  • Managing security for cloud-first environments (AWS, Azure, Google Cloud)
  • Implementing Security Operations Centres (SOC) and automated security monitoring
  • Leading third-party risk management and vendor security programmes
  • Experience with DevSecOps practices and secure software development lifecycle (SDLC)
  • Proven leadership experience in information security within financial services
  • Deep understanding of regulatory and compliance requirements for banking and finance
  • Strong track record of designing and implementing security frameworks (ISO 27001, NIST)
  • Hands-on experience with SIEM, DLP, IAM, and endpoint security technologies
  • Excellent risk assessment and incident management skills
  • Outstanding communication skills with the ability to influence stakeholders at all levels
  • Strategic mindset with the capability to balance security controls and business agility

SM&CR Responsibilities

As an FCA-regulated company, Ascot Lloyd are required to adhere to the Senior Managers and Certification Regime (SM&CR), to develop a culture where employees take personal responsibility for their own actions.

Individual Conduct Rules

  1. You must act with integrity
  2. You must act with due care, skill and diligence
  3. You must be open and co-operative with the FCA, PRA and other regulators
  4. You must pay due regard to the interests of customers and treat them fairly
  5. You must observe proper standards of market conduct
  6. You must act to deliver good outcomes for clients

Company: Ascot Lloyd group

Location: London, United Kingdom

Employment Type: Permanent

Salary: GBP Annual

Posted