Head of Information Security

Company: Zinc
Apply for the Head of Information Security
Location: London
Job Description:

Job Overview

Zinc has grown to 150+ people and needs an InfoSec function to keep pace with our growth. The Head of Information Security will own the function, set standards for our scale, and build credibility internally and externally. Report to the General Counsel and work closely with the AI & Automation lead in an environment where security is a business enabler.

Responsibilities

  • Establish security maturity and create a 90‑day roadmap for improvement.
  • Lead AI security governance, advising the COO and AI lead on adoption decisions.
  • Own incident management for material incidents, setting up playbooks and leading response.
  • Build the InfoSec function, defining its structure and future vision; oversee the InfoSec Manager.
  • Define and own a multi‑year security strategy roadmap.
  • Review and advise on technical designs, embedding security by design across products and platforms.
  • Maintain the risk register and track key risks.
  • Manage compliance programmes (ISO 27001, SOC 2, and other sector standards) in partnership with Compliance.
  • Partner with the AI & Automation lead on safe AI adoption.
  • Handle customer and supplier security questionnaires, due diligence, and contractual requirements.
  • Assess vendor security and conduct ongoing third‑party monitoring.
  • Lead security awareness training, culture, and engagement.
  • Manage the InfoSec budget and investment cases aligned with risk profile.

Required Skills & Experience

  • 5+ years in information security, with at least 2 years in a leadership or senior practitioner role (SOC, architecture, penetration testing, or engineering).
  • Ready to own the function after years as a senior practitioner.
  • AI‑literate with understanding of security implications of LLMs, AI tooling, agentic workflows, shadow AI, and SaaS risk.
  • High emotional intelligence to manage and grow a small team.
  • Strong communicator, able to explain risk to auditors, customers, and non‑technical leaders.
  • Compliance‑aware, leading with risk rather than box‑checking.
  • Comfortable with ambiguity and able to write incomplete playbooks.

Desirable

  • Experience in a fast‑growing global SaaS business.
  • Familiarity with DevSecOps and secure development lifecycle practices.
  • Relevant certifications such as CISSP, CISM, or similar.
  • Experience with cloud security on AWS, Azure, or GCP.

Benefits

  • 24 days holiday plus bank holidays and personal birthday off.
  • £1,200 annual benefits allowance from month two.
  • Early finish Fridays (16:00).
  • Yearly company retreat abroad.
  • 30 days to work from anywhere.
  • Enhanced maternity, paternity, and adoption leave (2 months full pay, then statutory).
  • Statutory pension with NEST (3% employer, 5% employee).
  • Company shares issued through the EMI scheme.
  • Unlimited access to MoreHappi coaching.
  • Company socials, quarterly team socials, and free Monday lunches.
  • Nursery workplace benefit scheme.
  • Option to lease an electric car through the Electric Car scheme.
  • Celebrated company anniversaries.

Department & Location

Legal & Compliance • London (Zinc office)

Compensation

£95,000 per year

#J-18808-Ljbffr…

Posted: July 9th, 2026