Head of Information Security
United Kingdom
Full Time
2 weeks ago
Visa Sponsorship
Key skills
CloudCyber SecurityAILeadershipRisk ManagementCommunicationCollaboration
About this role
Role Overview
- Define, maintain and evolve Aurora’s Information Security strategy, roadmap and target operating model to support business growth, product development and international expansion
- Lead and develop the Information Security function, building organisational capability through a combination of central leadership, cross-functional influence and clear ownership across the business
- Lead Information Security governance, risk and assurance activities, ensuring clear reporting, effective escalation and risk-informed decision-making at executive level
- Maintain Aurora’s Information Security risk management framework and risk register, ensuring key risks are identified, prioritised, communicated and addressed appropriately
- Provide assurance to internal and external stakeholders that Aurora’s security controls are effective, proportionate and aligned to business, customer and regulatory requirements
- Lead security assurance and certification activities, including ISO 27001, SOC 2, and related audit readiness, while contributing to the continued evolution of Aurora’s wider security and compliance operating model
- Partner with Legal and other relevant stakeholders on data protection, customer and supplier due diligence, contractual security commitments and third-party risk management
- Help define how security responsibilities and capabilities are allocated across Aurora’s technology, legal/compliance and business functions, ensuring clear accountability, effective challenge and strong delivery
- Drive security by design across Aurora’s products, platforms, systems and infrastructure, working closely with engineering and technology leaders to embed secure architecture, secure development lifecycle practices and appropriate technical controls
- Strengthen capabilities across core security domains including identity and access management, privileged access, vulnerability management, incident response, disaster recovery, data protection, security awareness and supplier security
- Work closely with stakeholders at all levels of the organisation, including operational teams such as People & Culture, Business Infrastructure & Operations and Finance, to support audits, evidence gathering, control improvement and the effective adoption of security requirements across the organisation
- Lead response to significant information security incidents, acting as a senior decision-maker during crisis situations and driving post-incident learning and improvement
- Build a strong, pragmatic security culture across the organisation through effective awareness, engagement, coaching and leadership
- Manage the Information Security budget, financial forecasts and investment cases, ensuring that spend is aligned to Aurora’s risk profile and strategic priorities
- Provide trusted advice and challenge to senior stakeholders on emerging risks and opportunities, including those related to AI adoption, shadow IT, cloud services and evolving regulatory expectations
Requirements
- Significant leadership experience in Information Security, Cyber Security, or a closely related role within a technology-led, software-oriented and internationally operating business
- Strong technical credibility and sound judgement across key security domains, with sufficient depth to guide strategy, challenge decisions and work effectively with specialist software engineering and IT teams
- Broad experience across areas such as product/application security, cloud/infrastructure security, identity and access management, incident response, vulnerability management and security governance
- Proven experience developing and delivering an Information Security strategy in a way that balances risk reduction, business enablement and operational pragmatism
- Strong experience leading security risk assessments, threat modelling, incident management and remediation of security weaknesses in a structured, risk-based way.
- Significant experience managing external audits, customer assurance and recognised security standards/certifications such as ISO 27001 and SOC 2
- Experience influencing senior stakeholders and communicating clearly at executive level, including the ability to translate technical risk into clear business decisions and trade-offs
- Able to lead effectively through subject-matter experts, building strong partnerships with engineering, IT and business leaders to drive security outcomes across a shared-responsibility model
- A pragmatic, delivery-oriented mindset, with the judgement to know when to stay strategic and when to be hands-on
- Excellent communication, collaboration and relationship-building skills, with the ability to work effectively across technical, operational and non-technical functions, and to engage confidently with stakeholders at different levels of seniority
- Strong problem-solving skills, sound judgement and a bias for action
Tech Stack
- Cloud
- Cyber Security
Benefits
- Private Medical Insurance
- Dental Insurance
- Parental Support
- Salary-Exchange Pension
- Employee Assistance Programme (EAP)
- Local Oxford Discounts
- Cycle-to-work Scheme
- Flu Jabs