Head of Information Security

We're recruiting a Head of Information Security to support the Chief Information Security Officer in leading, coordinating and developing AJ Bell's Information Security capability as the business continues to grow. This is a key senior leadership role within the Information Security team, helping to ensure AJ Bell continues to protect its customers, systems, services and data while enabling secure business growth.

Working closely with the CISO, you'll help translate the information security vision and strategy into clear delivery plans, coordinated priorities and measurable outcomes across the Information Security function. You'll play a central role in the day-to-day operational management of the Information Security leadership team, helping to ensure work is well prioritised, delivery is joined up, risks and issues are visible and the function continues to mature in line with business needs.

You will:

• Support the CISO in leading and developing AJ Bell's Information Security function, ensuring the team continues to protect the business and customers while enabling secure growth.
• Translate the CISO's strategic direction into clear priorities, delivery plans, governance routines and measurable outcomes across the Information Security leadership team.
• Provide day-to-day operational leadership across the Information Security function, helping to ensure activity is prioritised, coordinated and delivered effectively.
• Help ensure security activity across change, product security, engineering, GRC, IAM and security operations is joined up and aligned to business risk.
• Deputise for the CISO when required, including representing Information Security in senior meetings, governance forums, risk committees and business discussions.
• Act as a senior escalation point for cross-functional security issues, delivery risks, prioritisation challenges and operational matters requiring leadership attention.
• Support the development, tracking and delivery of the Information Security strategy, roadmap and annual operating plan.
• Help maintain clear visibility of Information Security deliverables, risks, issues, decisions and dependencies across the function.
• Support the development of security MI, reporting, dashboards that clearly communicate progress, performance, security posture and areas requiring attention.
• Work with Information Security leadership to ensure risks, control gaps and delivery priorities are understood, owned and managed effectively.
• Help ensure the Information Security function operates with clear roles, accountabilities, governance and decision-making processes.
• Support effective planning, budgeting, resource management and prioritisation across the Information Security team.
• Help coordinate responses to internal audit, external audit, regulatory engagement and senior management requests where they require input from multiple areas of Information Security.
• Work with the Head of Security GRC to ensure security risks, policy requirements, awareness activity and IAM priorities are appropriately governed and embedded.
• Work with the Head of Security Strategy and Architecture to ensure business and technology change is supported by clear security direction, pragmatic advice and appropriate design assurance.
• Work with the Head of Security Engineering to ensure security tooling and control improvements are prioritised, delivered and embedded effectively.
• Work with the Head of Security Operations to ensure operational security priorities, incident themes, vulnerability trends and supplier performance are visible and acted upon, without taking away the accountability of the Security Operations function.
• Support the development of a high-performing Information Security leadership team, helping leaders manage priorities, develop their teams and deliver consistently.
• Promote a culture of ownership, accountability and continuous improvement across Information Security.
• Help improve the way the Information Security team works, including opportunities to use automation, AI, repeatable workflows and clearer governance to improve efficiency and consistency.
• Support the CISO in identifying future capability needs for the Information Security function and shaping plans to meet those needs.

You will have:

• Strong experience working in a senior Information Security, Cyber Security, Technology Risk or related leadership role.
• Experience leading or coordinating multiple security disciplines, such as security architecture, product security, security engineering, GRC, IAM, security operations, incident response or vulnerability management.
• A strong understanding of information security risk management, security governance, control frameworks and operational security processes.
• Experience translating security strategy into practical delivery plans, priorities and measurable outcomes.
• The ability to lead through others, supporting senior managers and heads of function to deliver effectively.
• Strong organisational skills, with the ability to manage complex priorities, dependencies, risks and issues across multiple teams.
• Experience developing security MI, reporting, dashboards or governance packs for senior stakeholders.
• Strong stakeholder management skills, with the confidence to challenge constructively and influence decisions where security risk needs to be better understood or addressed.
• Excellent written and verbal communication skills, with the ability to explain complex security issues in clear business terms.
• Experience working with senior technology, risk, compliance, business and executive stakeholders.
• Good knowledge of recognised information security frameworks and standards such as ISO 27001, NIST, CIS or similar.
• Awareness of relevant regulatory and data protection requirements, such as GDPR, FCA and PRA expectations.
• Experience supporting audit, regulatory engagement, risk committees or senior management governance forums.
• Good understanding of modern technology environments, including cloud, digital platforms, DevOps, third-party services and enterprise infrastructure.
• The ability to bring structure, pace and clarity to ambiguous or complex security challenges.
• A practical, delivery-focused mindset, combined with the ability to contribute to longer-term strategic planning.
• A collaborative and professional approach, with the credibility to build trusted relationships across Technology Services and the wider business.
• The ability to remain calm under pressure, make balanced decisions and help others focus on the right priorities.
• A strong commitment to developing people, improving ways of working and building a mature security culture.

Experience in financial services, investment platforms, regulated environments or e-commerce would be advantageous. Experience operating as a deputy to a CISO, Head of Information Security, Head of Cyber Security, Head of Technology Risk or similar senior leadership role would also be beneficial.

This role would suit someone who is already operating as a senior security leader, head of information security, head of cyber security, technology risk leader, deputy CISO or security programme leader, and is ready to take on broader leadership responsibility across a growing Information Security function. You'll be comfortable working with technical teams, business leaders and executive stakeholders, able to manage competing priorities and capable of stepping in for the CISO when needed. You'll bring structure, ownership and energy to the role, helping the Information Security leadership team turn strategy into delivery while continuing to mature and improve.

This is not a role focused on owning a single security discipline. It is a broad leadership role designed to help the Information Security function operate effectively as one team. You'll need to be able to understand the work of each security area, ask the right questions, manage dependencies and ensure delivery remains aligned to business risk and strategic priorities. You'll be a trusted partner to the CISO, providing the operational leadership, follow-through and coordination needed to allow the CISO to focus on strategic planning, executive engagement and the longer-term development of AJ Bell's security capability.

About AJ Bell

At AJ Bell, we believe investing should feel good. Whether you're looking for an ISA, pension or dealing account, whether you want to invest with the help of a financial adviser or do it yourself, we have easy-to-use solutions to suit people from all walks of life. We're one of the UK's fastest-growing investment platform businesses, trusted by everyone from professional financial advisers to first-time investors. Today, over 723,000 customers trust us to manage more than £108.7 billion of assets. By continually striving to make investing simpler and more accessible, we're helping more people take control of their financial futures. We're proud to be recognised as one of the UK's Best 100 Companies to Work For for six consecutive years, and a Great Place to Work® in 2025 and 2026, a reflection of our supportive and collaborative culture.

What we offer:

• 28 days holiday, increasing with service + buy/sell scheme + bank holidays
• 8% Pension with matched contributions
• Discretionary bonus scheme
• Share schemes (including free shares and BAYE)
• Private healthcare and Dental plan
• Enhanced family leave (subject to qualifying criteria)
• Travel and bike loan schemes
• Employee Assistance Programme

Life at AJ Bell

Regular social events including summer and Christmas parties. Learning and development opportunities tailored to you. Casual dress code. Friendly, supportive team environment.

Our ways of working

At AJ Bell, our people are the heart of our culture. We believe in building strong connections by working together. That's why we offer a hybrid working model, where you'll spend a minimum of 50% of your working time from the office in either our Head office in Manchester or London Office. For new team members, the first 3 months will be spent full-time in the office to help you immerse yourself in our business and build valuable relationships with your colleagues.

Inclusion & diversity

We’re committed to creating an inclusive environment where everyone feels respected, supported and able to be themselves at work. We welcome applications from all backgrounds and make hiring decisions based on skills, experience and potential.