Head of Information Security & Privacy

You don’t often get the chance to come in and own this properly.

This isn’t a “maintain what’s there” role — they’ve got solid foundations, but now need someone who’s been through it before to take it over the line and make it credible with both major clients and senior stakeholders internally.

They operate in a regulated environment, handle large volumes of customer data, and are pushing towards ISO27001 & 2771 certification — the framework is there, now it needs ownership, direction and delivery.

What you’ll actually be doing

  • Owning and shaping the Information Security & Privacy function
  • Taking an existing ISMS/PIMS and driving it through certification
  • Working closely with the COO, CTO and senior leadership
  • Acting as the credible voice of security & privacy to major clients
  • Reviewing what’s in place and deciding:
    • What’s good
    • What needs tightening
    • What needs rebuilding
  • Managing risk, supplier assurance, audits and governance
  • Leading on GDPR / privacy operations (DSRs, DPIAs, breaches)
  • Working with external partners to get audit‑ready and over the line

What makes this interesting

  • You’re not starting from scratch — but you’re also not boxed in
  • Real opportunity to define how this function should operate
  • Direct exposure to senior stakeholders and commercial decision‑making
  • The chance to build credibility with major clients and partners
  • Scope to grow the function over time

What they need

This is key — they don’t need a theorist.

  • You’ve owned or heavily driven ISO27001 (ideally through certification)
  • You understand privacy / GDPR in practice, not just policy
  • Comfortable operating at Head of level with senior stakeholders
  • Able to get hands‑on when needed and see things through
  • Experience across governance, risk, supplier assurance and audit readiness
  • Experience in a regulated SaaS / tech‑led environment
  • Used to fast‑paced software delivery, but within the constraints of compliance and regulation

That blend is key — not overly corporate, but not greenfield chaos either

Location: Manchester, England, United Kingdom
Salary: £150,000 - £200,000
Job Type: Full-time
Category: IT & Technology
