Chief Information Security Officer (CISO)
Location: London (Hybrid Working Model)
Salary: Competitive + Bonus + Equity Options
Type: Full-time, Permanent
We are looking for a Chief Information Security Officer (CISO) to join a fast-scaling, high-impact organisation in the heart of London. This is a strategic, foundational hire: you will be responsible for designing and building out a brand-new Governance, Risk, and Compliance (GRC) function from the ground up.
As the company continues to grow, the need for a comprehensive and mature cybersecurity posture has never been greater. You will own the security vision and strategy while rolling up your sleeves to implement, scale, and continually improve our approach to GRC, risk management, threat mitigation, and compliance frameworks.
Design and implement a scalable GRC framework tailored to the business, addressing risk management and compliance standards (ISO 27001, NIST, SOC 2, etc.).
Develop and execute a long-term cybersecurity strategy aligned with business goals, balancing innovation and risk.
Oversee day-to-day cybersecurity operations, including threat detection, incident response, vulnerability management, and network security.
Risk Management:
Identify and manage risks to information assets and IT systems. Lead enterprise risk assessments and mitigation planning.
Compliance & Regulatory:
Ensure adherence to global data protection regulations and industry standards (GDPR, PCI-DSS, etc.), working closely with legal and data protection teams.
Act as the subject matter expert on cybersecurity at the board and executive level. Communicate risk posture, security investments, and incident updates clearly and confidently.
Team Building:
Provide leadership, mentoring, and continuous professional development for the security team.
Guide the evaluation, adoption, and deployment of security tools and technologies that support the company’s security strategy.
Promote a strong security culture across the organisation through awareness, training, and policy implementation.
~ 10+ years of experience in information security, with at least 5 years in a senior leadership or CISO role.
~ Demonstrable experience building and scaling a GRC function in a complex environment.
~ Deep knowledge of information security standards (ISO 27001, NIST, CIS), risk frameworks (COSO, FAIR), and regulatory and contractual obligations (GDPR, PCI-DSS, SOX).
~ Strong grasp of both technical cybersecurity and governance frameworks, with the ability to balance business priorities and risk.
~ Hands-on leadership style, with experience in scaling teams, setting KPIs, and building out internal processes from the ground up.
CISSP – Certified Information Systems Security Professional
CISM – Certified Information Security Manager
CRISC – Certified in Risk and Information Systems Control
Additional certifications (CCSP, AWS Security Specialty) are a bonus.
Be the architect of a brand-new GRC function with real ownership from day one
Influence and shape security strategy at the executive level
Join a forward-thinking, agile business at a pivotal stage of growth
Competitive salary, bonus, and equity
Work in a hybrid model, with flexibility and autonomy