Chief Information Security Officer (CISO) Location: London (Hybrid Working Model) Salary: Competitive Bonus Equity Options Type: Full-time, Permanent About the Role Chief Information Security Officer (CISO) to join a fast-scaling, high-impact organisation in the heart of London. This is a strategic, foundational hire —you will be responsible for designing and building out a brand-new Governance, Risk, and Compliance (GRC) function from the ground up. As the company continues to grow, the need for a comprehensive and mature cybersecurity posture has never been greater. You will own the security vision and strategy while rolling up your sleeves to implement, scale, and continually improve our approach to GRC, risk management, threat mitigation, and compliance frameworks. Key Responsibilities GRC Leadership: Design and implement a scalable GRC framework tailored to the business, addressing risk management, compliance standards (ISO 27001, NIST, SOC 2, etc.), and internal governance controls. Security Strategy: Develop and execute a long-term cybersecurity strategy aligned with business goals, balancing innovation and risk. Security Operations: Oversee day-to-day cybersecurity operations, including threat detection, incident response, vulnerability management, and network security. Risk Management: Identify and manage risks to information assets and IT systems. Lead enterprise risk assessments and mitigation planning. Compliance & Regulatory: Ensure adherence to global data protection regulations (GDPR, PCI-DSS, etc.), working closely with legal and data protection teams. Leadership & Stakeholder Engagement: Act as the subject matter expert on cybersecurity at the board and executive level. Communicate risk posture, security investments, and incident updates clearly and confidently. Team Building: Build and lead a high-performing security and GRC team. Provide leadership, mentoring, and continuous development. Security Architecture & Technology: Guide the evaluation, adoption, and deployment of security tools and technologies that support the company’s security strategy. Security Culture: Promote a strong security culture across the organisation through awareness, training, and policy implementation. Requirements & Experience 10 years of experience in information security, with at least 5 years in a senior leadership or CISO role. Demonstrable experience building and scaling a GRC function in a complex environment. Deep knowledge of information security standards (ISO 27001, NIST, CIS), risk frameworks (COSO, FAIR), and regulatory obligations (GDPR, PCI-DSS, SOX). Proven track record of managing enterprise-level security programs, including incident response and business continuity. Excellent stakeholder management skills, with experience reporting at board level. Strong grasp of both technical cybersecurity and governance frameworks, with the ability to balance business priorities and risk. Hands-on leadership style, with experience in scaling teams, setting KPIs, and building out internal processes from the ground up. Certifications (Highly Preferred) CISSP – Certified Information Systems Security Professional CISM – Certified Information Security Manager CRISC – Certified in Risk and Information Systems Control CISA – Certified Information Systems Auditor ISO 27001 Lead Implementer or Auditor Cloud security certifications (e.g., CCSP, AWS Security Specialty ) are a bonus Why Join? Be the architect of a brand-new GRC function with real ownership from day one Influence and shape security strategy at the executive level Join a forward-thinking, agile business at a pivotal stage of growth Competitive salary, bonus, and equity Work in a hybrid model, with flexibility and autonomy Ready to build something from the ground up? Apply now or reach out for a confidential discussion.