Head of Information Security
Remote - Edinburgh, Edinburgh, United Kingdom
Applications have closed
FreeAgent
FreeAgent's powerful and easy-to-use accounting software for UK businesses brings everything together – from invoices and expenses to Self Assessment tax returns, payroll and MTD-compliant VAT filing. Take a free trial today!
FreeAgent 🚀
FreeAgent aims to remove the stress and pain of dealing with business finances. From the very beginning in 2007, our aim was to create a product that would make an impact and improve the lives of micro-businesses in the UK. Now FreeAgent is one of the UK's most popular online accounting software providers, with over 125,000 customers.
Not to blow our own horn … but AccountingWEB even named FreeAgent the top bookkeeping product of 2020 and 2021. And in 2021 our mobile app was also voted ‘Client App of the Year’ by ICB LUCA. The list could go on!
It’s not just our customers who love us, our employees do too ⭐
Find out more on Glassdoor.
We believe in the power of a collaborative, high-performing, and diverse team. We’d love you to join us on our journey.
The Role 🔐
We're looking for an experienced Head of Information Security to be responsible for evolving, communicating and leading the security and data governance programme for our business. This is an engineering leadership role that requires you to have a deep, hands-on understanding of security, while operating at a senior management level, to deliver varied, high-impact and long-term strategic projects of an exceptional level of quality.
FreeAgent believes security is everyone’s responsibility and we’re in a great place. There’s high engagement with security training, our code is well engineered and our AWS infrastructure is comprehensively monitored and maintained. We’ve achieved Cyber Essentials Plus certification, run regular penetration tests and are quick to adopt the latest security trends like runtime application self-protection and dependency scanning to meet the evolving threat landscape.
Taking a pragmatic approach, you will effectively assess and lead how we manage security risks and data privacy issues across the business. In this role you will ensure our Information Security frameworks, policies and procedures continue to align with industry best practices and meet regulatory requirements.
Day to day responsibilities include:
- Be an empathetic leader and evangelist of security across the company, ensuring we're following industry best practices and ensuring we're compliant where required (PCI DSS SAQ, GDPR & PECR, Cyber Essentials Plus)
- Lead our Security Governance programme, taking ownership of our Data Policy Framework and Information Security Policy to ensure it's representative of the current threat landscape
- Working across the whole business to advocate data privacy needs and requirements in line with current and existing legislation
- Take ownership of our technical security measures – e.g. penetration testing, vulnerability scanning, 3rd party software dependencies and auditing, AWS Trusted Advisor and SecurityHub – to ensure our technical teams are correctly prioritising issues, remediating and staying compliant
- Work closely with our Product & Engineering and Corporate IT teams to ensure security is a primary consideration and industry best practices are incorporated at all phases of our software engineering process
- Be the owner of the due diligence requirements for external suppliers and partners, covering both inbound and outbound requests
- Through research and in-depth analysis, build an understanding of FreeAgent’s business, identify security threats and provide mitigations to effectively manage the risk
- Annual FCA Operational & Security Risk submission
- Liaising with NatWest Group Security peers and associated working groups and Risk Forum
- HMRC point-of-contact for any fraud investigations / data requests under the UK 2016 IPA act
- Acting as Incident Commander on-call as part of our Incident Response process, along with other members of the Senior Engineering Management team
You 🙌
Ideally, you’ll have:
- Proven track record in driving organisation-wide security programmes, Data Protection and InfoSec governance, ideally for a SaaS/cloud-based product company
- Experience of implementing Information Security frameworks that align with ISO27001
- Solid understanding of, and hands-on experience with, web application security, AWS cloud security and OWASP best practices
- Experience of managing programmes for secure software development lifecycle, application security testing (both static and dynamic), responsible disclosure, intrusion detection, dependency management, vulnerability scanning, DDoS mitigation, SIEM
- Outstanding communication and people skills
- A pragmatic, commercially focussed approach
- Exceptional organisational / project management skills
Benefits 🎁
The annual salary for this role is £92,000 - £107,000 depending on experience.
We pride ourselves on creating a fantastic place to work, including (but not limited to!) the following:
- 33 days holiday (and an extra day for each year you're with us)
- Flexible/hybrid working
- Private health care
- Life assurance
- 5% matched pension contributions
- Summer 4 day weeks (giving you 7 additional days off!)
- Buy-as-you-earn share schemes
- Sabbatical leave (unpaid)
- Cycle to work scheme
- Wellness webinars
- Focused learning time and learning budgets
- Volunteering day
Our work life 👩🏽‍💻
We believe in a strong work-life balance: we don’t work long hours (35-hour working week), and we have a fabulous Edinburgh HQ expertly designed for collaboration, including high-quality A/V equipment to provide a great experience for distributed teams.
At FreeAgent, we support each other and operate a no-blame culture. Our mindset is: work hard, be nice to people, and the rest will sort itself out!
This is a permanent, full-time role (Monday to Friday, 9am to 5pm). This role can be based remotely within the UK, and if you are in the Edinburgh area, there will be an opportunity to adopt hybrid working for this role and work under an agreed pattern from both the office and at home. Working from home is second nature to us as we have been championing remote working for 14 years.
How to apply ✍
We hire smart, talented people (like you!) to make FreeAgent even better.
Our application process is simple: upload your CV and answer a few questions about why you want to work with us. Our selection process includes:
- A phone call with a member of our Talent Team
- One or two video interviews
- Final interview in Edinburgh
We work hard to make the process straightforward, transparent, and enjoyable.
FreeAgent is an equal opportunity employer. We strongly encourage applications from people with varied backgrounds and perspectives. All applicants are considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, age, family or parental status.
Want to find out more? Email any queries to talent@freeagent.com
Tags: Application security Audits AWS Cloud DDoS GDPR Governance Incident response Intrusion detection ISO 27001 OWASP PCI DSS Pentesting Privacy SaaS SIEM
Perks/benefits: Career development Flex hours Flex vacation Health care Parental leave