Head of Information Security
Head of Information Security - CISSP, CISM, ISO27001, NIST, PCI DSS, GDPR, DevSecOps, Cloud Security, SIEM, SOC, AI Security. Permanent, West London, Hybrid Working. c.£100k +Benefits
Head of Information Security / CISO / Senior InfoSec Consultant required to lead and develop a modern, security-first function within a growing technology business. Reporting to the CTO, you'll combine strategic leadership with a hands-on technical approach, working closely with Engineering, Infrastructure and Operations teams to embed security across the organisation.
The role will adopt Information Security strategy, governance, risk and compliance while implementing practical security controls, automation and DevSecOps best practice. This is an excellent opportunity to influence technology strategy, lead security initiatives and help shape a mature, AI-enabled security capability whilst remaining hands-on in the early stages. In time, you will build a small team of InfoSec and Cyber Security Analysts around you.
Key Responsibilities:
- Define and deliver the Information Security strategy, policies and governance framework.
- Define and develop robust security controls in line with both business practices and compliance requirements, including ISO27001, CE+, SOC2, NIST CSF, GDPR and PCI DSS.
- Embed Secure by Design and DevSecOps principles across engineering teams.
- Lead cyber risk management, incident response, threat modelling and vulnerability management using a range of contemporary tools.
- Drive AI and automation to enhance security operations and threat detection.
- Oversee third-party security, supplier assurance and client audits.
- Recruit, mentor, lead and develop the Information Security team.
As such, we're looking for candidates with experience leading Information Security or Cyber Security functions within technology-led organisations. You will possess:
- CISSP, CISM or equivalent security certification.
- Strong knowledge of ISO27001, NIST, PCI DSS, GDPR and Information Security Governance.
- Experience developing security strategy, GRC and cyber risk programmes, including definition of security controls.
- Strong technical knowledge across cloud, network, endpoint, application and data security.
- Experience with SIEM, SOC, vulnerability management and incident response.
- Knowledge of DevSecOps, security automation and modern cloud environments.
- Excellent communication, stakeholder management and leadership skills.
You may have been working as a CISO, Information Security Manager, Cyber Security Consultant or within another senior InfoSec/CyberSec capacity which has granted you experience in both security control definition and hands-on practical management of security threats and incidents including vulnerability scanning and penetration testing.
This is an outstanding opportunity to join a forward-thinking organisation where you'll shape the security strategy, influence technology direction and build a modern Information Security function using the latest cloud, automation and AI technologies.