Chief Information Security Officer

CISO | Global SaaS | PE-Backed | Build & Lead Security Function

A high-growth global SaaS business with 600 people worldwide (130 in Engineering) is entering a critical phase: consolidating multiple products and scaling from ~$100m ARR to ~$200m over the next three years. Backed by a leading private equity firm, this is a rare opportunity to own and build the security function from scratch , shaping strategy, operations, and security culture across the company.

We’re looking for a hands-on, technically credible CISO who thrives at the intersection of strategy and execution. You’ll define the security agenda, build the team, implement robust practices across engineering and product teams, and create a culture where security is embedded into every aspect of the business. You’ll need experience scaling security in SaaS, ideally in PE-backed environments, and a track record of delivering measurable improvements across people, processes, and technology.

Reporting to the CTO, you’ll take full ownership of the security function, partnering closely with Engineering, Product, and leadership to protect growth, enable innovation, and strengthen enterprise resilience.

Strategic initiatives include:

• Conduct a full security assessment and define a phased roadmap for remediation and long-term controls
• Implement and enforce policies, processes, and standards, ensuring compliance with ISO27001, SOC2, and contractual obligations
• Build monitoring and incident-response capabilities (SOC/MDR) for proactive detection and rapid response
• Establish operational security practices, including safe handling of production data and consistent risk management
• Drive a security-first culture across engineering and product teams, embedding accountability and awareness
• Lead resilience initiatives such as ransomware drills and compliance checks for global data residency requirements
• Serve as the main security contact for customers, providing confidence and addressing critical security questions

Who we’re looking for:

• Proven experience leading security in SaaS, ideally PE-backed, across multiple regions including North America
• Hands-on technical expertise in cloud and infrastructure security, incident management, penetration testing, and remediation
• Deep knowledge of ISO27001, SOC2, and data residency requirements, with experience embedding and maintaining compliance
• Skilled at modernising security culture, implementing scalable processes, and embedding accountability across distributed teams
• Comfortable in technical discussions, able to engage in architecture reviews and tooling decisions
• Proactive, curious, and outcomes-focused - able to anticipate risks, solve complex problems, and drive continuous improvement

Location & Package:

London HQ, hybrid (3 days in-office). Strong package with an attractive equity opportunity.