Director of Information Security
Reports to: Chief Executive Officer
Location: Hybrid - Newmarket - 2 days on site, 2 days WFH
Hours: 32 hours across a 4-day week (no salary sacrifice)
Salary: £80,000 - £90,000
Product: Group Level, Wonde, Evouchers & Secure Schools
Who we are and what is important to us:
Beyond unifies three technology-driven brands, Wonde, Evouchers and Secure Schools.
Each brand shares a vision to reduce the friction of adapting technology, to help customers navigate an often overwhelming area and provide powerful solutions that make their everyday life easier.
The three brands run independently with the autonomy to continue to prosper although as part of the Beyond team, you’ll join a wider, supportive environment where you’ll be able to pull on the expertise and capabilities of the group.
We do not limit ourselves to standing still. We look ahead and strive to disrupt the sector we operate in. We believe technology should not be complicated or overwhelming. It should do what it says - quickly, safely and efficiently.
Job snapshot:
As our Director of Information Security, you will be responsible for all aspects of security, governance, and risk management across Beyond. This is a hands-on leadership role for a seasoned security expert with deep expertise in modern technology environments and cloud infrastructure.
You will bring experience in enabling the secure use of AI, managing financial fraud and regulatory compliance, ensuring data protection, and supporting rapidly scaling businesses. Working closely with cross-functional teams, you will establish and maintain a robust security posture while enabling growth and innovation.
What you’ll be doing:
* Define, develop, and implement a comprehensive information security strategy that supports Beyond’s growth while safeguarding assets, data, and systems. (Infrastructure, Physical and personnel)
* Actively oversee and participate in the design, implementation, and management of security & privacy controls, systems, and tools, across the global markets we operate in.
* Oversee and influence all aspects of our governance, risk, and compliance (GRC) frameworks. Ensuring we meet legislative, regulatory, contractual and industry standards such as ISO 27001, FCA Regulations, SOC 2, GDPR, and other relevant regulations.
* Identify, assess, and manage risks associated with our IT business's operations, ensuring appropriate measures are in place to mitigate potential threats.
* Establish and manage a robust incident response plan, including the ability to handle and remediate security & privacy breaches and vulnerabilities in real time.
* Work closely with engineering and DevOps teams to integrate security & privacy best practices into the development lifecycle, infrastructure, and architecture (cloud, hybrid, on-premises).
* Work closely with the Data Protection Officer to ensure that data protection, security and compliance are part of a culture throughout the Beyond group.
* Continuously evaluate and enhance vulnerability management programs, performing risk assessments, security testing, and recommending mitigation strategies.
* Build, mentor, and lead a security and data privacy team to support our security ambitions, ensuring continuous growth and professional development within the team.
* Act as a key point of contact for internal stakeholders (engineering, product, legal) and external auditors, vendors, and clients regarding security-related matters.
* Promote a culture of security and data protection compliance throughout the group through training, awareness programs, and regular updates on best practices and emerging threats.
* Plan and manage departmental budgets and closely monitor spend.
Requirements
What we’re hoping you’ll bring:
* Proven experience in information security, including leadership roles in fast-paced, scale-up, or tech-driven environments.
* Strong technical background with deep knowledge of security technologies, tools, and best practices across areas such as cloud, network security, data protection, and application security.
* CISSP, CISM, CEH, CIPP/E or equivalent certifications
* Extensive knowledge of security and data privacy regulations, such as ISO 27001, SOC 2, UK GDPR, and NIST frameworks.
* Understanding of FCA regulatory requirements and compliance expectations.
* Demonstrated experience in leading security initiatives and teams with the ability to influence and communicate effectively with C-level executives.
* Proven experience in managing complex security incidents and implementing remediation strategies.
* Familiarity with cloud-native security, container security, DevSecOps practices, and modern SaaS environments.
* Experience in high-growth or scale-up companies, balancing security with agility.
* Knowledge of software development lifecycle (SDLC) security best practices.
* Experience working with third-party security vendors and service providers.
* Strategic thinker with the ability to make informed decisions quickly in a dynamic, fast-moving environment.
* Excellent communication and interpersonal skills, capable of working across departments to advocate for security.
* Passion for learning and keeping up with evolving security trends and threats.
* Strong analytical and problem-solving skills with a solution-oriented approach.
Benefits
What you’ll get:
Beyond is much more than just a place to work. It is a place to grow, innovate, excel and learn. We have tech people, creative people and people people, all focused on providing a superior customer experience.
We value, support and champion those we work with - promoting personal growth and happiness. We get that our success is dependent on the collective energy, intelligence and contributions of all our team members and we are committed to ensuring our work environment is the best it can be.
We value your commitment and have worked hard to create adaptable and comprehensive benefits packages to suit individual needs, although you can expect the below as standard:
* 4-day working week
* Flexible working schedule/work-from-home opportunities
* On-site gym facilities at HQ
* Buying and selling holiday scheme
* Additional holiday for length of service
* Employee-assisted programme
* Group life assurance (Death in service)
* Will-writing assistance scheme
* Company pool cars at HQ
* Payroll giving scheme enabling you to support charities of your choice through tax-efficient salary donations
* Health cash plan, covering everyday health treatments
* On-site trained mental health and well-being champions
* Monthly lunch club (on us)
* Discounted retail vouchers via employee savings platform
* Comprehensive wellness programmes
* Enhanced maternity, paternity and adoption benefits
* Electric car scheme & on-site EV charging
* Cycle to Work Scheme
* Eye examination scheme
* Financial contribution to the setup of work-from-home environments
* Use of new and leading technology in the form of Apple products
* Frequent company-funded social events
* Office closure between Christmas & New Year
* Access to continuous learning and development opportunities
* Comprehensive employee referral scheme
* Casual Dress Code
* Free healthy snacks & barista coffee
In addition to the above, you’ll have access to our ‘take your pick’ benefits scheme, which is tailored specifically to you and includes:
* Enhanced pension payments
* Retail vouchers
* Private medical insurance
* Dental plan
* Enhanced Health Cash Plan
If you're selected, we'll guide you through the following checks as part of our offer process:
1. DBS Check: Verification of criminal records.
2. Right to Work: Confirmation of legal work eligibility.
3. References: Automated verification based on HMRC records.
We're excited about finding the right person for this position! With the dynamic market conditions, we're not setting a fixed application deadline. We encourage you to apply as soon as possible, as we'll be filling the role once we find the perfect match.
At Beyond, we celebrate diversity and are committed to being an equal-opportunity employer. We welcome candidates from all walks of life. If you need any accommodations during the application process, please don't hesitate to call or email us.