About the role
We're looking for a Head of InfoSec to champion security across Lendable, ensuring our products, platforms, and processes remain secure as we scale. This is a high-impact leadership role with broad responsibility across application security, operations, and governance.
As Head of InfoSec, you'll be the champion of security across the organisation, balancing business growth with operational resilience. You'll shape how we embed security into every part of our product and operations, and play a critical role in building trust with customers, partners, and regulators. You will lead a team of exceptional security engineers, delivering a technical roadmap that you will shape.
What you’ll be doing
Application Security (AppSec): Driving secure development practices, code analysis, and threat modelling.
Security Operations (SOC): Overseeing monitoring, incident response, vulnerability management, and operational resilience.
Governance, Risk & Compliance (GRC): Leading our efforts to achieve and maintain compliance with PCI, GDPR, SOC2, and ISO 27001.
Vendor Security: Spearheading due diligence and monitoring of third parties, integrated with our Vendor Governance Forum.
Policies & Assurance: Defining and enforcing security standards, collaborating with IT Ops and Platform Engineering on execution, and providing assurance to stakeholders, customers, and regulators.
Risk Management: Escalating material risks directly to the CTO and other risk functions.
Culture & Training: Promoting a secure-by-design culture through training, awareness, and best practices across the company.
What we're looking for
We're seeking an experienced security leader who is comfortable with:
Building a team: You have prior management experience and a proven track record of growing a collaborative and cross-functional Security team.
Scaling AppSec: You've owned and scaled a robust Application Security program, including secure development, code analysis, and threat modelling.
Running Security Operations: You have deep experience overseeing a Security Operations function, managing monitoring, incident response, and vulnerability management.
Driving GRC: You're an expert in managing compliance frameworks such as PCI, GDPR, SOC2, and ISO 27001, and you're skilled at preparing for audits.
Vendor Security: You have led vendor security analysis, including due diligence and ongoing monitoring.
Collaboration & Execution: You can define and enforce security policies while working effectively with cross-functional teams like IT Ops and Platform Engineering.
Stakeholder Management: You're adept at providing assurance to stakeholders, customers, and regulators.
Risk Leadership: You are comfortable escalating material risks directly to VPs, the CTO, and other risk functions.
Cultural Influence: You have a passion for promoting a security-first culture through training, awareness, and secure-by-design practices.
Adaptability: You thrive in a modern Cloud (AWS, GCP, Azure, Kubernetes, CI/CD) and AI environment, staying current with industry trends.
Interview process
Intro Call with People Team: A brief conversation to get to know you and your background.
Call with VP of Technology: A deeper dive into your experience and how it aligns with our technical vision.
Onsite Interview: A deeper session where you’ll meet with several team members and stakeholders to discuss your technical expertise, management philosophy, and approach to delivery and collaboration. Don’t worry, we won’t ask you to code.
Call with CTO: A final conversation to discuss the strategic impact of the role.