Head of Information Security

Remote - Edinburgh, Edinburgh, United Kingdom

Applications have closed

FreeAgent

FreeAgent's powerful and easy-to-use accounting software for UK businesses brings everything together – from invoices and expenses to Self Assessment tax returns, payroll and MTD-compliant VAT filing. Take a free trial today!


FreeAgent 🚀

FreeAgent aims to remove the stress and pain of dealing with business finances. From the very beginning in 2007, our aim was to create a product that would make an impact and improve the lives of micro-businesses in the UK. Now FreeAgent is one of the UK's most popular online accounting software providers, with over 125,000 customers.

Not to blow our own horn … but AccountingWEB even named FreeAgent the top bookkeeping product of 2020 and 2021. And in 2021 our mobile app was also voted ‘Client App of the Year’ by ICB LUCA. The list could go on!

It’s not just our customers who love us, our employees do too ⭐

Find out more on Glassdoor.

We believe in the power of a collaborative, high-performing, and diverse team. We’d love you to join us on our journey.


The Role 🔐

We're looking for an experienced Head of Information Security to be responsible for evolving, communicating and leading the security and data governance programme for our business. This is an engineering leadership role that requires you to have a deep, hands-on understanding of security, while operating at a senior management level, to deliver varied, high-impact and long-term strategic projects of an exceptional level of quality.

FreeAgent believes security is everyone’s responsibility and we’re in a great place. There’s high engagement with security training, our code is well engineered and our AWS infrastructure is comprehensively monitored and maintained. We’ve achieved Cyber Essentials Plus certification, run regular penetration tests and are quick to adopt the latest security trends like runtime application self-protection and dependency scanning to meet the evolving threat landscape.

Taking a pragmatic approach, you will effectively assess and lead how we manage security risks and data privacy issues across the business. In this role you will ensure our Information Security frameworks, policies and procedures continue to align with industry best practices and meet regulatory requirements.


Day to day responsibilities include:

  • Be an empathetic leader and evangelist of security across the company, ensuring we're following industry best practices and ensuring we're compliant where required (PCI DSS SAQ, GDPR & PECR, Cyber Essentials Plus)
  • Lead our Security Governance programme, taking ownership of our Data Policy Framework and Information Security Policy to ensure it's representative of the current threat landscape
  • Work across the whole business to advocate data privacy needs and requirements in line with current and existing legislation
  • Take ownership of our technical security measures – e.g. penetration testing, vulnerability scanning, 3rd party software dependencies and auditing, AWS Trusted Advisor and SecurityHub – to ensure our technical teams are correctly prioritising issues, remediating and staying compliant
  • Work closely with our Product & Engineering and Corporate IT teams to ensure security is a primary consideration and industry best practices are incorporated at all phases of our software engineering process
  • Be the owner of the due diligence requirements for external suppliers and partners, covering both inbound and outbound requests
  • Through research and in-depth analysis, build an understanding of FreeAgent’s business, identify security threats and provide mitigations to effectively manage the risk
  • Annual FCA Operational & Security Risk submission
  • Liaising with NatWest Group Security peers and associated working groups and Risk Forum
  • HMRC point-of-contact for any fraud investigations / data requests under the UK 2016 IPA act
  • Acting as Incident Commander on-call as part of our Incident Response process, along with other members of the Senior Engineering Management team


You 🙌

Ideally, you’ll have:

  • Proven track record in driving organisation-wide security programmes, Data Protection and InfoSec governance, ideally for a SaaS/cloud-based product company
  • Experience of implementing Information Security frameworks that align with ISO27001
  • Solid understanding of, and hands-on experience with, web application security, AWS cloud security and OWASP best practices
  • Experience of managing programmes for secure software development lifecycle, application security testing (both static and dynamic), responsible disclosure, intrusion detection, dependency management, vulnerability scanning, DDoS mitigation, SIEM
  • Outstanding communication and people skills
  • A pragmatic, commercially focussed approach
  • Exceptional organisational / project management skills


Benefits 🎁

The annual salary for this role is £92,000 - £107,000 depending on experience.

We pride ourselves on creating a fantastic place to work, including (but not limited to!) the following:

  • 33 days holiday (and an extra day for each year you're with us)
  • Flexible/hybrid working
  • Private health care
  • Life assurance
  • 5% matched pension contributions
  • Summer 4 day weeks (giving you 7 additional days off!)
  • Buy-as-you-earn share schemes
  • Sabbatical leave (unpaid)
  • Cycle to work scheme
  • Wellness webinars
  • Focused learning time and learning budgets
  • Volunteering day


Our work life 👩🏽‍💻

We believe in a strong work-life balance, we don’t work long hours (35 hour working week), and we have a fabulous Edinburgh HQ expertly designed for collaboration including high-quality A/V equipment to provide a great experience for distributed teams.

At FreeAgent, we support each other and operate a no-blame culture. Our mindset is: work hard, be nice to people, and the rest will sort itself out!

This is a permanent, full-time role (Monday to Friday, 9am to 5pm). This role can be based remotely within the UK, and if you are in the Edinburgh area, there will be an opportunity to adopt hybrid working for this role and work under an agreed pattern from both the office and at home. Working from home is second nature to us as we have been championing remote working for 14 years.


How to apply ✍

We hire smart, talented people (like you!) to make FreeAgent even better.

Our application process is simple: upload your CV and answer a few questions about why you want to work with us. Our selection process includes:

  • A phone call with a member of our Talent Team
  • One or two video interviews
  • Final interview in Edinburgh

We work hard to make the process straightforward, transparent, and enjoyable.

FreeAgent is an equal opportunity employer. We strongly encourage applications from people with varied backgrounds and perspectives. All applicants are considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, age, family or parental status.

Want to find out more? Email any queries to talent@freeagent.com

Tags: Application security Audits AWS Cloud DDoS GDPR Governance Incident response Intrusion detection ISO 27001 OWASP PCI DSS Pentesting Privacy SaaS SIEM

Perks/benefits: Career development Flex hours Flex vacation Health care Parental leave

Regions: Remote/Anywhere Europe
Country: United Kingdom
Category: Leadership Jobs
