Head of Information Security

CFC

London

On-site

GBP 80,000 - 120,000

Full time

30+ days ago

Job summary

A leading company in London is seeking a Head of Information Security to lead their security program. This role involves managing key areas such as Third-Party Security Risk Management and Data Loss Prevention, ensuring compliance with various regulatory frameworks. The ideal candidate will have proven leadership experience and a strong background in security governance, vendor management, and risk assessment.

Qualifications

  • Proven leadership in information security governance within regulated environments.
  • Strong familiarity with UK, US, European, and Australian regulatory frameworks.
  • Ability to translate complex regulatory requirements into practical controls.

Responsibilities

  • Manage cyber incidents and support global coordination.
  • Collaborate with legal and procurement for Third Party Risk Management.
  • Oversee DLP strategy and incident response activities.

Skills

  • Leadership in information security governance
  • Regulatory frameworks knowledge
  • Risk-based approach
  • Vendor management
  • Incident response
  • Project management

Job description

Head of Information Security

Department: IT Operations

Employment Type: Permanent - Full Time

Location: London

Reporting To: Kirsty Kelly


Description
As Head of Information Security, you will report directly into the Group CISO, and be responsible for leading and managing key pillars of our security programme, with a primary focus on Third-Party Security Risk Management, Data Loss Prevention (DLP), Policy Governance, Security Training & Awareness, and Identity & Access Management (IAM).

You will work closely with the Group CISO to ensure high standards in your areas of responsibility and global adherence to security practices. The ideal candidate will have deep knowledge of regulatory frameworks such as NYDFS Cybersecurity Regulation, GDPR, and other European and Australian data protection laws, bringing a proactive, risk-based approach to security governance and controls operationalization.

About the role
This role involves acting as a member of the CISO’s leadership team, contributing to security strategy, budgeting, and cross-functional planning. Key responsibilities include:
  1. Managing cyber incidents and supporting the CISO team in global coordination.
  2. Managing vendor relationships, including renewals, negotiations, and contract updates.
  3. Collaborating with legal, procurement, and operational resilience teams for end-to-end Third Party Risk Management and supply chain monitoring.
  4. Leading third-party vendor assessment, onboarding, and ongoing monitoring.
  5. Implementing risk-based frameworks for evaluating vendor security posture and supply chain evaluation.
  6. Maintaining and updating security policies, standards, and procedures to reflect evolving threats and regulations.
  7. Overseeing DLP strategy, tuning tooling and policies, and coordinating incident response activities.
  8. Developing and measuring the effectiveness of security awareness and training programs.
  9. Directing IAM strategy, including provisioning, access reviews, and privileged access management.
  10. Partnering with IT to integrate IAM best practices into enterprise systems.
  11. Ensuring security controls meet compliance obligations under NYDFS, GDPR, and other relevant regulations.

About you
The ideal candidate will have proven leadership in information security governance within regulated environments, with strong familiarity with UK, US, European, and Australian regulatory frameworks. You will:
  1. Translate complex regulatory and technical requirements into practical controls, policies, and processes.
  2. Work effectively with audit and compliance stakeholders during assessments and investigations.
  3. Possess a strong background in security frameworks, standards, and regulatory requirements, including enterprise IT, cloud security, data protection, threat management, and incident response.
  4. Be proficient in program and project management reporting.
  5. Manage third-party vendors, MSSPs, and contract negotiations.

Core Values
Love what you do: We bring passion and intensity to our work, making a positive impact on colleagues and clients.

Challenge everything: We question the status quo and strive to improve continuously.

Have fun, be good: We enjoy our work, welcome diverse viewpoints, and treat everyone with respect.