Chief Information Security Officer...

Job Description Chief Information Security Officer
(CISO) 📍 Location: London (Hybrid Working Model) 💼 Salary:
Competitive + Bonus + Equity Options 🕒 Type: Full-time, Permanent
About the Role Chief Information Security Officer (CISO) to join a
fast-scaling, high-impact organisation in the heart of London. This
is a strategic, foundational hire—you will be responsible for
designing and building out a brand-new Governance, Risk, and
Compliance (GRC) function from the ground up. As the company
continues to grow, the need for a comprehensive and mature
cybersecurity posture has never been greater. You will own the
security vision and strategy while rolling up your sleeves to
implement, scale, and continually improve our approach to GRC, risk
management, threat mitigation, and compliance frameworks. Key
Responsibilities - GRC Leadership: - Design and implement a
scalable GRC framework tailored to the business, addressing risk
management, compliance standards (ISO 27001, NIST, SOC 2, etc.),
and internal governance controls. - Security Strategy: - Develop
and execute a long-term cybersecurity strategy aligned with
business goals, balancing innovation and risk. - Security
Operations: - Oversee day-to-day cybersecurity operations,
including threat detection, incident response, vulnerability
management, and network security. - Risk Management: - Identify and
manage risks to information assets and IT systems. Lead enterprise
risk assessments and mitigation planning. - Compliance &
Regulatory: - Ensure adherence to global data protection
regulations (GDPR, PCI-DSS, etc.), working closely with legal and
data protection teams. - Leadership & Stakeholder Engagement: -
Act as the subject matter expert on cybersecurity at the board and
executive level. Communicate risk posture, security investments,
and incident updates clearly and confidently. - Team Building: -
Build and lead a high-performing security and GRC team. Provide
leadership, mentoring, and continuous development. - Security
Architecture & Technology: - Guide the evaluation, adoption,
and deployment of security tools and technologies that support the
company’s security strategy. - Security Culture: - Promote a strong
security culture across the organisation through awareness,
training, and policy implementation. Requirements & Experience

• 10+ years of experience in information security, with at least 5
  years in a senior leadership or CISO role. - Demonstrable
  experience building and scaling a GRC function in a complex
  environment. - Deep knowledge of information security standards
  (ISO 27001, NIST, CIS), risk frameworks (COSO, FAIR), and
  regulatory obligations (GDPR, PCI-DSS, SOX). - Proven track record
  of managing enterprise-level security programs, including incident
  response and business continuity. - Excellent stakeholder
  management skills, with experience reporting at board level. -
  Strong grasp of both technical cybersecurity and governance
  frameworks, with the ability to balance business priorities and
  risk. - Hands-on leadership style, with experience in scaling
  teams, setting KPIs, and building out internal processes from the
  ground up. Certifications (Highly Preferred) - CISSP – Certified
  Information Systems Security Professional - CISM – Certified
  Information Security Manager - CRISC – Certified in Risk and
  Information Systems Control - CISA – Certified Information Systems
  Auditor - ISO 27001 Lead Implementer or Auditor - Cloud security
  certifications (e.g., CCSP, AWS Security Specialty) are a bonus Why
  Join? - Be the architect of a brand-new GRC function with real
  ownership from day one - Influence and shape security strategy at
  the executive level - Join a forward-thinking, agile business at a
  pivotal stage of growth - Competitive salary, bonus, and equity -
  Work in a hybrid model, with flexibility and autonomy Ready to
  build something from the ground up? Apply now or reach out for a
  confidential discussion.