Information Security Lead London ·

Our mission is to make meaningful learning a part of your everyday life. The shelf life of our skills is now less than 5 years. So, if you stopped learning today, your skills would soon become irrelevant. Think that’s a big problem? You’d be right.

Enter HowNow. Founded in 2019, our Learning and Skills Platform is disrupting the way people learn and upskill through technology. Whether it's finding a quick answer, learning new skills, or tapping into shared knowledge, we make it easy for people to learn what they need, when they need it.

Already used by fast-growing scale-ups and global enterprises such as the UK Government, Investec, and Trainline, we’re pushing the boundaries of how people learn. Plus, we’ve just raised £9M in funding to fuel the next phase of our journey.

Hi, I’m Kuvera, the COO at HowNow. I’m looking for an Information Security Lead to join us. As our first InfoSec hire, you will be our subject matter expert, guiding our fast-growing Learning Tech SaaS platform with your practical knowledge on everything security-related. You’ll be responsible for identifying, assessing, and mitigating risks for the business, as well as developing processes and controls to support our commercial, engineering, and product teams.

Alongside opportunities to develop and grow your career, we're a fun and friendly bunch. Have a look at the video below to understand what it's like to work here.

Day-to-day tasks will include:

Security Ownership & Leadership:

• Own and lead HowNow’s information security function, working cross-functionally to align with business needs.
• Maintain and evolve our ISO 27001 certification and manage the ISMS lifecycle.

Governance, Risk & Compliance:

• Perform regular risk assessments, manage remediation plans, and conduct internal audits.
• Ensure compliance with data protection laws (e.g., GDPR) and customer security requirements.

Policies, Processes & Training:

• Create and manage information security policies, standards, and procedures.
• Deliver internal training, onboarding, and awareness programs to promote secure behaviors.

Security Operations:

• Work with engineering and DevOps to implement security controls across infrastructure (e.g., access control, encryption, logging).
• Lead the incident response process and manage third-party pen testing and vulnerability management.

Customer & Vendor Security:

• Support security questionnaires, RFPs, and due diligence for customer deals.
• Review third-party vendors and tools for security posture and risks.

The key qualities we’re looking for in applicants:

• 3–5 years of hands-on experience in an information security or IT risk/compliance role.
• Experience working at a SaaS company or fast-paced startup/scale-up.
• Good working knowledge of ISO 27001 and experience maintaining or achieving certification.
• Understanding of cloud environments (AWS preferred) and common SaaS security risks.
• Hands-on knowledge of endpoint protection, SIEMs, DLP, IAM, and SSO.
• Clear understanding of data privacy laws (especially GDPR).
• Familiarity with security tools (e.g., endpoint protection, SSO/IAM, monitoring/logging, vulnerability scanning).
• Experience with risk assessments, incident response planning, and writing security policies.
• Strong communication skills, with the ability to explain security concepts to both technical and non-technical teams.

What you’ll get:

Our salaries are calculated using a SaaS benchmarking tool called (Figures). The salary band for this role is £60,000-75,000 per annum. You’ll also receive a 10% performance-based bonus.

Hybrid working (2x a week in our London office, Tuesdays and Thursdays) and flexible working hours.

Work From Anywhere, for up to two weeks per quarter, which you can read about here.

Wind-down Fridays. No meetings from 2 pm onwards on Fridays, for you to wind down for the weekend. Our HowNow’ers use this time to exercise, study, or spend time with family and friends, which you can read about here.

Enhanced maternity and paternity policies, which you can read about here.

25 days holiday, plus bank holidays and your birthday off.

An enhanced employee pension scheme.

Private health insurance through Bupa.

An annual £500 learning and development budget.

Dog-friendly offices — we love our pets!

Monthly socials, including mini-golf, Hijingo, shuffleboarding, 5-a-side football, and badminton.

Access to the top learning platform out there (HowNow+) to keep you at the top of your game.

Cycle to Work scheme.

Financial wellbeing support via Mintago, including access to Yellownest with up to 47% off childcare.

What’s next?

Once you've applied, we’ll contact you within 3 working days. Sometimes it may take longer, but we will respond regardless of the outcome.

1. A 30-minute video call with Lizzie, our Senior People Partner.

2. A 45-minute interview with Kuvera (COO & Co-Founder) covering your technical skills and experience.

3. A short task demonstrating how you'd approach a risk assessment, compliance, governance, and penetration testing, presented to Kuvera, Ashish (CTO), and Anil (Senior Project Manager).