Head of Information Security
- Head of Information Security
- Finance or SAAS Experience
Areti is partnered exclusively with a well-funded, high-growth fintech that’s disrupting the financial services space through an innovative SaaS platform. The company has experienced significant growth over the past 24 months and is now investing in building out its internal security capabilities.
They are now hiring a Head of Information Security to lead the charge in scaling a modern, cloud-native security strategy. This is a remote-first position, ideal for someone looking to take full ownership of the security function at a rapidly evolving tech-first business.
The Opportunity
This role offers the chance to shape and embed a pragmatic security culture across engineering, product, and commercial teams. You’ll lead strategy, implementation, assurance, and governance – with responsibility for ensuring that security becomes a core part of the product’s value, not just a compliance requirement.
Key Responsibilities
Strategic Leadership
- Define and own the long-term security roadmap
- Be the in-house subject matter expert for internal and external stakeholders (including clients, partners, auditors)
- Support RFPs, InfoSec assessments, and client assurance processes
- Help shape the organisation’s external security positioning (e.g. Trust Centre, whitepapers)
DevSecOps & Product Security
- Embed secure-by-design principles into the SDLC
- Lead CI/CD pipeline hardening, container security, and secrets management
- Run threat modelling, vulnerability scanning, and remediation efforts
- Select and manage key SaaS security tools (SAST/DAST, SIEM, IAM, CSPM, endpoint protection)
- Work closely with teams using AWS, GitHub Actions, and Terraform
Compliance & Assurance
- Drive preparation and maintenance for ISO 27001, SOC 2, and Cyber Essentials Plus
- Oversee ISMS, internal audit, and risk register
- Align with the DPO and Compliance on data protection (DPIAs, vendor risk, breach response)
Operational Security
- Lead the incident response process, including tabletop exercises and post-incident reviews
- Manage logging, alerting, and monitoring for cloud and endpoint security
- Own business continuity and disaster recovery strategy from a security lens
What Success Looks Like
- Recertification of ISO 27001 and Cyber Essentials Plus
- SOC 2 Type I & II passed with confidence
- 95% staff completion of security training on time
- Consistent improvement in vulnerability management SLAs
- Security assurance accelerating enterprise sales cycles
- Measurable growth in DevSecOps and infrastructure maturity
What We’re Looking For
- Proven experience leading information security in a SaaS or fintech environment
- Deep expertise in cloud-native security, preferably with AWS
- Hands-on familiarity with tools like Terraform, GitHub Actions, Snyk, Datadog, CrowdStrike
- Demonstrated success in managing ISO 27001, SOC 2, or similar frameworks
- Strong communication skills with a pragmatic, risk-balanced approach
- Experience scaling InfoSec in growing product and engineering organisations
Salary: up to £85,000
Medical insurance
26 days holiday + birthday
+ opportunity to build out a team
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Financial Services and Information Services
- Location:
- England, United Kingdom
- Salary:
- £125,000 - £150,000
- Job Type:
- Full-time
- Category:
- IT & Technology