Head of Security

Sonata One

London

Hybrid

GBP 80,000 - 120,000

Full time

13 days ago

Job summary

A rapidly scaling fintech company is seeking a skilled Head of Security to enhance their security posture. The role involves managing cybersecurity strategies, regulatory compliance, and promoting a culture of security awareness. The ideal candidate will possess deep knowledge of security frameworks and technologies relevant to the financial services sector.

Benefits

Competitive compensation package
Flexibility in work arrangements, including remote options
Opportunities for professional growth

Qualifications

  • 5-7+ years of information security experience, preferably in financial services.
  • In-depth understanding of security frameworks and principles.
  • Certifications like CISSP, CISM, or CDPO preferred.

Responsibilities

  • Lead the organization's cybersecurity strategy and manage security operations.
  • Ensure compliance with regulatory security requirements.
  • Promote security awareness and deliver employee training.

Skills

Cybersecurity threats
Regulatory compliance
Risk management frameworks

Education

Bachelor's degree in information security or Computer Science

Tools

Firewalls
SIEM

Job description

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Sonata One is a rapidly scaling, regulated fund services and technology (fintech) business. We're The Private Funds Clearinghouse, connecting more than 53,000 investors with 6,500 funds and 180 fund managers around the globe. Our vision is to change the paradigm of private markets investing through harmonising the end-to-end investment process within one platform. Investors benefit from a seamless, one & done experience across the fund lifecycle (from fund selection and subscription through to settlement and reporting) underpinned by a globally compliant KYC passport and 24/7 support. Fund managers can raise capital faster at a lower cost from a wider pool of pre-approved investors. Founded in 2015, Sonata One has a presence in eight locations worldwide including the US, UK, Luxembourg, Guernsey, South Africa, and Mauritius.

We operate as #OneGlobalThread in line with our values: We challenge the norm, we change the way we think and work, by connecting systems and people, while committing to our vision and each other. We are now looking to recruit an experienced Head of Security to join our global team.

Position Overview:

We are seeking a highly skilled Head of Security to lead and enhance the security posture of Sonata One. This role is critical in protecting the confidentiality, integrity, and availability of our information systems and data. The ideal candidate will have a deep understanding of cybersecurity threats, risk management frameworks, regulatory compliance, and modern security technologies. This role also includes responsibilities typical of a Data Protection Officer, ensuring that data privacy and governance meet the high regulatory standards of the financial sector.

Responsibilities:
  1. Strategic Management and Security Operations
    • Develop, implement, and maintain information security policies, standards, and procedures.
    • Lead the organization's cybersecurity strategy, risk assessments, and security roadmap.
    • Manage information security projects and initiatives across IT and business units.
    • Collaborate with senior leadership to align security goals with business objectives.
    • Lead risk assessments and threat modelling exercises for internal systems and third-party services.
    • Manage the deployment and maintenance of security solutions (SIEM, firewalls, endpoint protection, DLP, etc.).
    • Oversee the organization's incident response and business continuity plans, including simulations and real-time responses.
    • Conduct regular security audits and work with internal/external auditors to support compliance.
    • Collaborate with IT and business units to ensure secure systems development and operations.
  2. Compliance & Risk Management
    • Ensure compliance with regulatory and legal security requirements (e.g., ISO 27001, NIST, HIPAA, GDPR, SOX, etc.).
    • Ensure compliance with applicable data protection laws (e.g., GDPR, CCPA, GLBA).
    • Guide Data Protection Impact Assessments (DPIAs) for high-risk financial data processing activities.
    • Work closely with Legal, Risk, and Compliance to monitor data handling practices across business units.
    • Perform regular risk assessments and implement appropriate risk mitigation controls.
    • Work with internal and external auditors on information security reviews.
  3. Training & Awareness
    • Promote a culture of security awareness across the organization.
    • Deliver security training and education programs for employees.
    • Serve as a subject matter expert on information security practices and controls.

Qualifications:
  • Bachelor's degree in information security, Computer Science, or a related field
  • 5-7+ years of experience in information security, preferably in financial services.
  • In-depth understanding of security frameworks (e.g., ISO/IEC 27001, NIST CSF, CIS Controls) and cybersecurity principles, practices, and regulatory requirements in the finance sector.
  • Experience in security technologies such as firewalls, IDS/IPS, SIEM, encryption, and identity management.
  • Experience with secure cloud computing platforms (e.g., Azure) in a regulated environment.
  • Familiarity with data analytics platforms and financial data governance tooling.
  • Strong working knowledge of financial compliance frameworks (e.g., GLBA, SOX, FFIEC CAT, NYDFS).
  • Familiarity with privacy regulations (GDPR, CCPA) and best practices in data governance.
  • Certifications such as CISSP, CISM, CISA, CRISC, or Certified Data Protection Officer (CDPO) are highly desirable.

We offer a collaborative and inclusive work culture that values innovation and diversity. Everyone has an important role to fulfill, and your contribution will be an integral part of our success story.

Benefits:
  • Competitive compensation package
  • Flexibility in work arrangements, including remote work options.
  • Opportunities for professional growth and career advancement.