Chief Information Security Officer

Chief Information Security Officer (CISO)
Location: London (Hybrid Working Model)
Salary: Competitive + Bonus + Equity Options
Type: Full-time, Permanent

About the Role
Chief Information Security Officer (CISO) to join a fast-scaling, high-impact organisation in the heart of London. This is a strategic, foundational hire —you will be responsible for designing and building out a brand-new Governance, Risk, and Compliance (GRC) function from the ground up.
As the company continues to grow, the need for a comprehensive and mature cybersecurity posture has never been greater. You will own the security vision and strategy while rolling up your sleeves to implement, scale, and continually improve our approach to GRC, risk management, threat mitigation, and compliance frameworks.

Key Responsibilities
GRC Leadership:
Design and implement a scalable GRC framework tailored to the business, addressing risk management, compliance standards (ISO 27001, NIST, SOC 2, etc.), and internal governance controls.
Security Strategy:
Develop and execute a long-term cybersecurity strategy aligned with business goals, balancing innovation and risk.
Security Operations:
Oversee day-to-day cybersecurity operations, including threat detection, incident response, vulnerability management, and network security.
Risk Management:
Identify and manage risks to information assets and IT systems. Lead enterprise risk assessments and mitigation planning.
Compliance & Regulatory:
Ensure adherence to global data protection regulations (GDPR, PCI-DSS, etc.), working closely with legal and data protection teams.
Leadership & Stakeholder Engagement:
Act as the subject matter expert on cybersecurity at the board and executive level. Communicate risk posture, security investments, and incident updates clearly and confidently.
Team Building:
Build and lead a high-performing security and GRC team. Provide leadership, mentoring, and continuous development.
Security Architecture & Technology:
Guide the evaluation, adoption, and deployment of security tools and technologies that support the company’s security strategy.
Security Culture:
Promote a strong security culture across the organisation through awareness, training, and policy implementation.

Requirements & Experience
10+ years of experience in information security, with at least 5 years in a senior leadership or CISO role .
Demonstrable experience building and scaling a GRC function in a complex environment.
Deep knowledge of information security standards (ISO 27001, NIST, CIS), risk frameworks (COSO, FAIR), and regulatory obligations (GDPR, PCI-DSS, SOX).
Proven track record of managing enterprise-level security programs, including incident response and business continuity.
Excellent stakeholder management skills, with experience reporting at board level.
Strong grasp of both technical cybersecurity and governance frameworks, with the ability to balance business priorities and risk.
Hands-on leadership style, with experience in scaling teams, setting KPIs , and building out internal processes from the ground up.

Certifications (Highly Preferred)
CISSP – Certified Information Systems Security Professional
CISM – Certified Information Security Manager
CRISC – Certified in Risk and Information Systems Control
CISA – Certified Information Systems Auditor
ISO 27001 Lead Implementer or Auditor
Cloud security certifications (e.g., CCSP , AWS Security Specialty ) are a bonus

Why Join?
Be the architect of a brand-new GRC function with real ownership from day one
Influence and shape security strategy at the executive level
Join a forward-thinking, agile business at a pivotal stage of growth
Competitive salary, bonus, and equity
Work in a hybrid model, with flexibility and autonomy

Ready to build something from the ground up? Apply now or reach out for a confidential discussion.