38 jobs found

We are seeking an experienced Fractional CISO to provide hands-on security leadership as we evolve our security function to support continued growth and European expansion. This is a permanent fractional engagement reporting directly to the CTO. You will own our information security strategy, maintain our ISO 27001 certification, build our security roadmap, and prepare the organisation for SOC 2 readiness in . This role requires someone who can operate both strategically and tactically - developing policy one day and reviewing cloud configurations the next. Key Responsibilities Strategy & Governance Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans Maintain and continuously improve the Information Security Management System (ISMS) Create, review, and maintain core security policies, standards, and procedures Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR) Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions Assess and provide guidance on secure AI adoption across the organisation, including AI-powered product features and internal AI tooling Compliance & Certification Maintain ISO 27001 certification and prepare for the 2027 recertification audit Lead SOC 2 Type II readiness programme (target: ), including gap analysis and control mapping Ensure compliance with GDPR and data protection requirements across EU/UK/US/AU/NZ/CA/ZA jurisdictions Collaborate with external DPO support provider on privacy-related matters and customer security questionnaires as needed Cloud & Technical Security Provide security oversight across Azure, AWS, and Google Workspace environments Conduct access reviews and advise on identity and access management best practices Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection) Oversee VMware Workspace ONE MDM deployment and device security policies Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles Operational Security Develop and maintain incident response plans and procedures Lead incident response tabletop exercises and post-incident reviews Provide guidance on business continuity and disaster recovery planning Advise on vendor security assessments and third-party risk management Awareness & Culture Design and deliver company-wide security awareness training programmes Mentor and upskill internal staff on security best practices Foster a security-first culture across all departments Act as a trusted advisor to leadership on emerging threats and security trends Stakeholder Engagement Report regularly to the CTO on security posture, risks, and programme progress Prepare board-level security presentations as required (infrequent) Support commercial teams by contributing to customer security discussions when escalated Qualifications 8+ years of progressive experience in information security, with at least 3 years in a CISO, Head of Security, or senior security leadership role Demonstrated experience in B2B SaaS environments, ideally in fintech, finance software, or similarly regulated industries Proven track record of achieving and maintaining ISO 27001 certification Experience preparing organisations for SOC 2 Type II certification Hands-on experience securing cloud environments (Azure and/or AWS required; GCP a plus) Experience with Google Workspace security configuration and administration Background working with distributed, remote-first engineering teams Technical Knowledge Strong understanding of cloud security architecture, identity management, and zero-trust principles Familiarity with secure software development lifecycle (SDLC) and DevSecOps practices Knowledge of MDM solutions (VMware Workspace ONE experience preferred) Understanding of API security and integration risk management Practical experience with security tooling: SIEM, vulnerability scanners, endpoint protection, etc. Awareness of AI/ML security risks, including secure AI adoption practices and emerging AI governance frameworks (desirable) Compliance & Regulatory Deep knowledge of ISO 27001:2022 requirements and audit processes Familiarity with SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Privacy) Understanding of GDPR, UK Data Protection Act, and international data transfer mechanisms Awareness of regional requirements across EU, UK, US, Australia, New Zealand, Canada, and South Africa Additional Information Growing international business with 10,000+ subscribers Regular performance-based compensation reviews 26 days paid time off 1 additional day off for your Birthday Remote office assistance Service years recognition financial reward

Careers# Head of Cyber Security (FCA Experience essential) Team:Technology - UK Location:Leeds Work Model:hybrid Work Type:Permanent Hi, we're PEXA! We know you'll Google us before applying, so let's keep this brief. PEXA revolutionised the way that property is settled in Australia, turning a paper-based process into a digital one. Our solution is a world-first, with over 500 people across Australia and an expanding international team, we're helping 20,000+ families into their homes each week.We're passionate about solving problems for our customers - always striving to set the standard for how property is bought and sold. Being awarded as one of the best places to work in Australia is a recognition of our culture and commitment to innovation, customers and our community.We're growing fast, that is where you come in.We believe our success in Australia is worth sharing and that our proven technology will advance how the UK buys and sells homes.Establishing ourselves within the UK in late 2020, we are committed to collaborating with lawyers, conveyancers, lenders, government and the property industry, to set the new standard for both remortgages and buying and selling property.Great question! Being a PEXArian is so much more than just a job. We're a passionate, motivated and unashamedly enthusiastic bunch at PEXA - we love what we do and we're proud to admit it! Creating brilliant experiences for our members and their clients wouldn't be possible without ensuring we deliver an exceptional employee experience. Here's a snapshot of what your life at PEXA could look like: Your growth: We encourage you to hit your personal and professional learning and development goals with our tailored programs and tools. Your wellness: We care about your holistic wellbeing Your work/life blend: We know that work is just one aspect of your life - we want to help you create your ideal work/life blend, rather than squeezing in life around work.As the Head of Cyber Security at PEXA UK, you'll play a key role in protecting the digital backbone of our business. Working closely with the UK CTO, Group CISO in Australia, and the PEXA UK leadership team, you'll define and drive the security strategy, standards, and posture across our three UK brands: PEXA UK, Smoove, and Optima Legal.You'll lead our Security Operations (SOC), Security Engineering, and Information Security and Governance functions, covering everything from incident response and secure architecture to audits, lender assurance, and compliance with ISO 27001 and FCA requirements.This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. You'll shape how we manage threats, embed secure-by-design principles, and foster a culture of security awareness across the organisation.You'll also collaborate closely with technology, legal, risk, and operations teams, as well as external partners, to ensure alignment and resilience, making cyber security a trusted enabler for our customers and colleagues Our Ethos We believe cyber security should be understood, embraced, and loved, not feared. Our job is to make it simple and part of how everyone works.We at PEXA are ready so if this role sounds like you apply today. To be conducted as part of post offer employment checks: The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at . GDPR Compliance Digital Completion UK Limited (trading name "PEXA"), Optima Legal Services Limited (trading name "Optima Legal") and Smoove Limited (a holding company which comprises of the following wholly owned trading Subsidiary companies: United Legal Services Limited, United Home Services Limited, Legal-Eye Limited, and Amity Law Limited) are all owned directly by DigCom UK Holdings Limited, which is a wholly owned Subsidiary of PEXA Group Limited in Australia (ACN ; ASX: PXA) (referred to collectively as "PEXA Group"). When we process your applicant personal data for recruitment purposes, we do so as a controller. If as part of the recruitment process, we share your personal data with another company within the PEXA Group, that company may process your personal data as either an independent controller or, in certain circumstances, a joint controller. By applying for this role, you consent to us processing your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, and further information can be found in our privacy notice . Key Responsibilities Leadership and Strategy Define and deliver the UK cyber security strategy and roadmap aligned with business and group objectives Act as the senior security authority for PEXA UK, Smoove, and Optima Legal Partner with the Group CISO, UK CTO, and Risk functions to align frameworks and initiatives Lead and mentor a multi-disciplinary team across SOC, engineering, and information security Represent UK security priorities in leadership forums, lender assurance discussions, and governance reviews Security Operations and Governance Oversee SOC operations ensuring timely threat detection, response, and resolution Continuously improve detection and response capabilities using Cortex XDR, Abnormal Security, Splunk, and Nucleus Manage vulnerability management end-to-end, from scanning and prioritisation to remediation tracking Coordinate with third-party partners such as Blazeguard and CCX to ensure effective service delivery Oversee secure configuration, endpoint management, and patch compliance across hybrid environments including Azure and AWS Own the UK information security framework and assurance programs including ISO 27001, FCA standards, SOC audits, and lender assurances Maintain and evolve security policies, standards, and control frameworks Lead audit preparation, evidence collection, and control testing for certifications and partner reviews Collaboration and Culture Build strong partnerships across engineering, IT, legal, HR, and operations to embed security in everyday practices Provide input on vendor assessments and third-party risk management Promote a culture of security awareness through training, phishing simulations, and education programs Report on cyber risk, maturity, and incidents to senior leadership with transparency and continuous improvement Key Skills Key Skills Proven experience leading cyber security operations in a regulated or financial services environment (FCA exposure preferred). Strong understanding of security governance, assurance frameworks, and audit processes (ISO 27001, NIST, GDPR, Cyber Essentials Plus). Experience with modern security tooling such as:o Cortex XDR / Palo Alto Networkso Splunk (SIEM and dashboarding)o Abnormal Security (email security)o Prisma Cloud (cloud security posture management)o Airlock (application and API security)o Nucleus (vulnerability management and reporting) Deep knowledge of incident response, threat hunting, and vulnerability management. Excellent stakeholder management and communication skills - able to explain complex risks in simple terms. Experience building and mentoring high-performing teams across technical and governance functions. Confident working in partnership with global teams and external partners to deliver consistent, secure outcomes.

At Arctic Wolf, we're not just navigating the cybersecurity landscape - we're redefining it. Our global team of dedicated Pack members is driving innovation and setting new industry standards every day. Our impact speaks for itself: we've earned recognition on the Forbes Cloud 100, CNBC Disruptor 50, Fortune Future 50, and Fortune Cyber 60 lists, and we recently took home the 2024 CRN Products of the Year award. We're proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and earning a Customers' Choice distinction from Gartner Peer Insights . Our Aurora Platform also received CRN's Products of the Year award in the inaugural Security Operations Platform category. We proudly are a UK Great Place To Work multiple times - 2023, 2024, 2025. Join a company that's not only leading - but also shaping - the future of security operations.The Sales Engineer is the technical backbone of the new business sales organisation and works alongside territory sales executives to evangelise, architect, propose, and demonstrate business value to acquisition customers and partners throughout the sales process. In this position you will be responsible for a newly defined London-area territory paired together with a new business Account Executive. Primary Responsibilities and Duties Provide technical expertise in the form of presentations, demos, POVs and dialog that educates and drives the Arctic Wolf value proposition for prospective customers. Have a passion for new-business acquisition sales and obtaining the technical win throughout the buyer's journey. Be an active participant in discovery conversations with prospective customers to understand their needs and validate alignment with Arctic Wolf solutions. Thoroughly understand and document customer environments including security tooling, network design, authentication, and cloud services. Effectively demonstrate key differentiators by understanding the competitive landscape across endpoint protection, security operations, vulnerability management and cloud security. Be present and have strong contacts in the reseller and MSP channel communities. Participate in activities that drive growth within the territory including webinars, channel enablement, and field marketing events. Mentor new hires in a variety of domains including technical knowledge transfer, demo and presentation best practices, and sales processes. Help foster a culture of knowledge sharing by taking lead and being a highly active participant in communication channels such as Slack, team meetings, and broader enablement efforts. Volunteer for and execute upon company or team-wide initiatives such as process improvement, training, content creation, etc. Key Skills In depth knowledge of infrastructure components including Networking, Identity Management, Cloud Services, Private Cloud and OS Windows/Linux/Mac. Technical understanding of security tools and strategies. E.g., security frameworks, security operations, incident response, SIEM, XDR, EDR/EPP, IPS/IDS/NDR, etc. Ability to articulate and demonstrate the business application and value of the Arctic Wolf technology to all audiences, ranging from technical to executive-level decision makers. Hands-on solution demo & POV capability for endpoint and XDR solutions. Excellent written, verbal, presentation, time management, and attention to detail. Understanding of the entire sales process from qualification to closure through the channel partner experience, with the ability to manage via SFDC and other tools Knowledge and training in MEDDPICC & Technical Win processes. Business Application Experience (e.g., Slack, Salesforce, M365/Office). Ability to publicly speak on behalf of Arctic Wolf in larger forums like tradeshows, webinars, channel enablement sessions. Knowledge in modern application deployment technologies including container and cloud based models. Key Competencies Drive for Results Communication Problem Solving Minimum Qualifications Minimum of 5 years in a customer-facing security technology or service pre-sales engineering role Minimum of 2 years in a role that has experience working with the channel/partner community or worked for a channel/partner Minimum of 3 years supporting, delivering, or designing enterprise IT systems, security focused systems desired Has built and maintained long term relationships with channel and alliance partner resources. Preferred Qualifications CISSP, GCIH, CISA, CISM or other security focused certification(s) AWS Cloud Practitioner, Microsoft Azure AZ-900, VMware VCP/VCAP or other public/private cloud focused certification(s) Demonstrated consistent quota overachievement in previous pre-sales engineering role(s) Our offer: All wolves receive compelling compensation and benefits packages, including: Equity for all employees 28 days annual leave, 8 bank holidays and paid volunteering days off Pension plan employer match Training and career development programs Robust Employee Assistance Program (EAP) with mental health service Comprehensive private benefits plan including medical insurance, virtual GP, optical and dental cashback, life insurance (4x basic salary) and group income protection. Fertility support and paid parental leaveWe celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity . Our Values Arctic Wolf recognises that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that-by protecting people's and organizations' sensitive data and seeking to end cyber risk- we get to work in an industry that is fundamental to the greater good.Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. On-Camera Policy To support a fair, transparent, and engaging interview experience, candidates interviewing remotely are expected to be on camera during all video interviews. Being on camera fosters authentic connection, improves communication, and allows for full engagement from both candidates and interviewers. We understand that technical, bandwidth, or location-related challenges may occasionally prevent video use. If this applies, candidates are required to notify us in advance so we can explore appropriate accommodations.We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity . Security Requirements Conducts duties and responsibilities in accordance with AWN's Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AWN business information (in accordance with our employee handbook and corporate policies). Background checks are required for this position. This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration