Security Strategy Lead Hybrid in London, United Kingdom The company Small businesses move fast. Opportunities often don’t wait, and cash flow pressures can appear overnight. To keep going, and growing, SMEs need finance that’s as flexible and responsive as they are. That's why we built iwoca. Our smart technology, data science and five-star customer service ensures business owners can act with the speed, confidence and control they need, exactly when it's needed. We’ve already cleared the way for 100,000 businesses with more than £4 billion in funding. Our passionate team is driven to help even more SMEs succeed, through access to better finance and other services that make running a business easier. Our ultimate mission is to support one million SMEs in their defining moments, creating lasting impact for the communities and economies they drive. The team iwoca builds and operates credit products that handle sensitive financial and customer data, where securing such data is important. Until now, security has been managed across engineering and IT. This role establishes security as a dedicated discipline, embedded in how products are designed, built, and operated, with a focus on proportionate controls aligned to real risk rather than abstract compliance goals. The role As Security Strategy Lead, you’ll define how security works at iwoca and own the decisions that shape it. You’ll assess security risks, influence priorities across teams, and embed security into how products are built and operated. This is iwoca’s first dedicated security role, reporting to the Engineering Director, with visibility at company level and scope to shape standards, ways of working, and long-term security strategy. You’ll be accountable for the following areas, deciding priorities and how work is delivered in iwoca’s context. We expect this to involve judgement, trade-offs, and discussion rather than following a fixed playbook. Security strategy and leadership: Own iwoca’s security strategy, minimising security risk while avoiding unnecessary friction for customers and developers. Act as the key decision maker for security checks and processes, and decide how the security function evolves over time, including when to use internal capability, third-party expertise, or new tooling. Tooling and process optimisation: Decide how security tooling and processes should be designed and applied across iwoca’s systems. Maintain a consolidated view of our security posture, including identity risks, third-party exposure, and supply-chain vulnerabilities, and oversee the development or adoption of automated detection where it adds value. Monitoring, reporting, and continuous improvement: Establish monitoring and reporting that provides visibility into the effectiveness of security controls. Use this to generate insights, recommend improvements, and guide prioritisation as risks and the business evolve. Collaboration and incident response: Work closely with product, engineering, and infrastructure teams to align on security priorities and trade-offs. Act as the primary point of contact for security matters and lead coordinated incident response and triage of emerging threats. The requirements Essential: Proven ability to analyse security risks across application and infrastructure systems, and implement effective protections and monitoring solutions. Understanding of security techniques such as static analysis, network scanning, and penetration testing, and how to apply them in practice. Experience turning security plans into action, prioritising work, and delivering meaningful improvements with engineering teams. Experience leading or influencing change across teams, making trade-offs explicit and aligning security decisions with business context. Bonus: Experience contributing to security certifications such as ISO 27001. Experience building security practices in a fast-growing company. Exposure to identity-based attacks, supply chain vulnerabilities, or other advanced threat classes. The salary We expect to pay from £100,000 - £150,000 for this role. But, we’re open-minded, so definitely include your salary goals with your application. We routinely benchmark salaries against market rates, and run quarterly performance and salary reviews. The culture At iwoca, we prioritise a culture of learning, growth, and support, and invest in the professional development of our team members. We value thought and skill diversity, and encourage you to explore new areas of interest to help us innovate and improve our products and services. The offices We put a lot of effort into making iwoca a great place to work: Offices in London, Leeds, Berlin, and Frankfurt with plenty of drinks and snacks. Events and clubs, like bingo, comedy nights, football, etc. The benefits Flexible working hours. Medical insurance from Vitality, including discounted gym membership. A private GP service (separate from Vitality) for you, your partner, and your dependents. 25 days’ holiday per year, an extra day off for your birthday, the option to buy or sell an additional five days of annual leave, and unlimited unpaid leave. A one-month, fully paid sabbatical after four years. Instant access to external counselling and therapy sessions for team members that need emotional or mental health support. 3% Pension contributions on total earnings. An employee equity incentive scheme. Generous parental leave and a nursery tax benefit scheme to help you save money. Electric car scheme and cycle to work scheme. Two company retreats a year: we’ve been to France, Italy, Spain, and further afield. And to make sure we all keep learning, we offer: A learning and development budget for everyone. Company-wide talks with internal and external speakers. Access to learning platforms like Treehouse. Useful links: iwoca benefits & policies Interview welcome pack