Head of Information Security & Controls

About WSD

WSD is a leading provider of document and workflow automation software for the global structured products industry. With a strong presence in the financial services sector, WSD supports tier-one banks and asset managers by delivering scalable, secure, and cloud-agnostic solutions that streamline operations from inception to maturity. Backed by private equity and headquartered in London, WSD combines deep domain expertise with cutting-edge technology to drive operational excellence and regulatory compliance.

Role Overview

As Head of Information Security & Controls, you will be responsible for defining, implementing, and maintaining WSD’s security strategy, governance framework, and operational security controls. This is a senior leadership role requiring strategic vision, hands-on technical oversight, and cross-functional collaboration across engineering, compliance, and client-facing teams.

Key Responsibilities

Strategic Leadership

• Own and deliver WSD’s security strategy and roadmap.
• Lead the development and maintenance of security and governance policies, standards, procedures, and configurations.

Security Operations

• Oversee all technical security controls across infrastructure, endpoints, and mobile devices.
• Manage the Managed Detection & Response (MDR) service including SIEM/SOC/alerting.
• Lead Threat & Vulnerability Management using Qualys VMDR.
• Oversee Web Application Scanning (Qualys WAS) and Static Code Analysis (SonarQube).
• Direct the Security Incident Management process and ensure timely resolution.

Compliance & Risk Management

• Maintain ISO/IEC 27001:2022 certification and ensure ongoing compliance.
• Lead risk management activities including risk assessments and mitigation planning.
• Manage external security assessments and ensure timely remediation.
• Serve as the principal authorizer for policy exceptions, privileged access, and critical security decisions.

Governance & Vendor Oversight

• Manage vendor relationships and ensure third-party compliance with WSD’s security standards.
• Oversee escrow arrangements and change management processes.

Business Continuity & Disaster Recovery

• Ensure BC & DR plans are current, tested, and effective.
• Lead BC & DR testing and remediation activities.

Client & Regulatory Engagement

• Respond to client security questionnaires and audits with accuracy and professionalism.
• Liaise with client-side security, risk, vendor, compliance, and audit teams.

Team Leadership

• Manage and mentor a small, high-performing Security team.
• Foster a culture of security awareness and continuous improvement across the organisation.

PreSales / Contract Reviews

• Support pre-sales and onboarding processes by defining security requirements and participating in due diligence discussions.
• Act as the security authority for reviewing data processing agreements, SLAs, and regulatory obligations tied to client engagements.

Qualifications & Experience

• Proven experience in a senior information security role, ideally within fintech or SaaS.
• Strong understanding of ISO/IEC 27001, SOC, SIEM, vulnerability management, and secure SDLC.
• Experience managing external audits, pen tests, and client compliance engagements.
• Excellent stakeholder management and communication skills.
• Relevant certifications (e.g., CISSP, CISM, ISO Lead Auditor) are highly desirable.

Why Join WSD?

• Be part of a mission-critical team powering the structured products industry.
• Work with cutting-edge technologies in a cloud-agnostic environment.
• Collaborate with experienced professionals in a fast-paced, innovative culture.
• Enjoy a flexible, hybrid working model and strong career development opportunities.
  
  

If you have the skills, experience and drive to excel in this challenging and rewarding role, we would love to hear from you. Apply today and take the next step in your career with us!

WSD is an employer that values diversity.We highly encourage applications from appropriately qualified and eligible candidates irrespective of age, race, religion, national origin, gender, sexual orientation, gender identity and/or expression,veteranstatus, disability, or any other status protected by applicable law.