They are a technology-first and mobile-first company that runs a leading global B2C platform. They have strong tech teams in place and require a very experienced Information Security and Compliance specialist to join them. They have 10+ million paying customers globally and are growing exponentially.
The role of the incoming Head of Information Security and Compliance will be to play a key role in the development and growth of the company. You would be expected to actively contribute to the overall company strategy, especially by building an Information and Security Function and Team from the ground up, setting global policies, structures and tools (greenfield implementation). You would also be the day-to-day sparring partner for the top Tech and Product Leadership and be responsible for the development of an information and security strategy matching the business goals.
This is a fundamental role to the continued success of the business and, as such, the incoming candidate will be able to make a significant and tangible impact on the company.
- Build up a team of subject matter experts in the security and compliance domain
- Ensure that security and compliance-related policies are available, up-to-date and followed
- Own the creation of an information security and data compliance strategy
- Run and manage security and compliance-related projects, such as establishing a SIEM and building an Internal Compliance Platform
- Closely collaborate with Security and Data Compliance stakeholders
- Assist the transition from a DevOps to a DevSecOps mindset
- Work with service providers to ensure that our data is managed securely
- Be accountable for providing security and compliance reports to management
- Lead internal and external vulnerability investigations
- Plan and run penetration tests
- Collaborate with the Legal team on compliance and security-related topics
- 5+ years of proven working experience in the field of security and compliance and 1+ years of managerial experience
- Strong knowledge of GDPR, CCPA and other legislative requirements
- ISO 27001 certification and experience with implementing it
- Experience with SIEM services
- Experience leading company-wide security and compliance projects
- Able to translate and prioritise legal requirements for technical engineering teams
- The ability to communicate Information Security and Compliance strategies clearly to various stakeholders
- Fluency in English (written and spoken)
- CISSP, CISA, CISM, SOC2 certifications
- Experience with ISO 22301