Head of Information Security

Zinc
Zinc - London, £95k–95k, Hybrid, 2w ago
Employment: Full-time
Seniority: Lead

About the role

Key Responsibilities 🏗️

  • Information security strategy - defining and owning the multi-year roadmap
  • Security architecture - reviewing and advising on technical design decisions, embedding security by design across products and platforms
  • Risk management - maintaining the risk register, identifying, prioritising, and tracking the things that actually matter
  • Compliance programmes - ISO 27001, SOC 2, and relevant sector standards; in close partnership with our Compliance team
  • Incident management - owning major incident response; first port of call in a crisis
  • AI security governance - partnering with our AI & Automation lead on safe AI adoption at Zinc
  • Customer and supplier security - security questionnaires, diligence requests, contractual requirements
  • Third-party risk - vendor security assessment and ongoing monitoring
  • Security awareness - training, culture, getting the business to care
  • Budget - managing the InfoSec budget and investment cases, aligned to Zinc's risk profile

Skills, Knowledge and Expertise 🚀

  • 5+ years in information security, with at least 2 years in a leadership or senior practitioner role - SOC management, security architecture, penetration testing, or engineering. You've built things and broken things, not just written about them.
  • Ready to step up - you've been a senior practitioner and you're ready to own the function.
  • AI literate - you understand the security implications of LLMs, AI tooling, agentic workflows, shadow AI, and third-party SaaS risk. This is not optional at Zinc.
  • High EQ - you'll inherit an existing team member who is professional, capable, and ambitious. How you lead that relationship matters more than your CV.
  • Strong communicator - you'll be speaking to auditors, customers, and a non-technical leadership team. You need to translate risk into language that drives decisions.
  • Compliance-aware, not compliance-driven - you understand the standards but you lead with risk, not box-ticking.
  • Comfortable with ambiguity - the playbook is incomplete. You'll write it.
  • Experience in a fast-growing global SaaS business
  • Familiarity with DevSecOps and secure development lifecycle practices
  • Relevant certifications (CISSP, CISM, or similar)
  • Experience with cloud security (AWS, Azure, or GCP)

What we offer

  • 24 days holiday + Bank Holidays + your birthday off 🎉
  • £1200 annual benefits allowance (ThanksBen, from month 2)
  • Early finish Fridays (16:00)
  • Yearly company retreat abroad ✈️
  • 30 days to Work from anywhere 🌍
  • Enhanced Maternity, Paternity, and Adoption Leave (2 months full pay, then statutory)
  • Statutory pension with NEST (3% employer, 5% employee)
  • Zinc shares, issued through the EMI Scheme
  • Unlimited access to MoreHappi coaching
  • Company socials, quarterly team socials
  • Free Monday lunches
  • Nursery workplace benefit scheme (Yellownest) 
  • Option to lease an electric car through Electric Car Scheme 
  • Celebrated Zinc anniversaries 🥳

Perks & benefits

  • Company Retreats
