Fractional Chief Information Security Officer

Freelance · £72,000 - £108,000 / year (est.) · Home office (partial)

At a Glance

  • Tasks: Lead our security strategy and ensure compliance while supporting growth and innovation.
  • Company: Join ApprovalMax, a fast-growing fintech trusted by over 18,000 businesses worldwide.
  • Benefits: Enjoy competitive pay, 26 days off, and remote work perks.
  • Why this job: Make a real impact in a dynamic environment focused on security and technology.
  • Qualifications: 8+ years in information security with experience in B2B SaaS and cloud environments.
  • Other info: Be part of a growing international team with excellent career development opportunities.

The estimated salary is between £72,000 and £108,000 per year.

ApprovalMax is redefining how finance teams manage the Money Out cycle—from purchase orders and supplier bills to employee expense management. Trusted by 18,000+ businesses worldwide, our platform empowers companies to automate financial controls, ensure compliance, and scale efficiently. At the end of 2024, ApprovalMax secured a £10 million growth investment from Yttrium, a leading European technology investor. This funding marks the beginning of a new chapter in our journey—scaling our category leadership in Money Out automation, expanding enterprise capabilities, and accelerating product innovation.

We are seeking an experienced Fractional CISO to provide hands-on security leadership as we evolve our security function to support continued growth and European expansion. This is a permanent fractional engagement reporting directly to the CTO. You will own our information security strategy, maintain our ISO 27001 certification, build our security roadmap, and prepare the organisation for SOC 2 readiness in 2026-2027. This role requires someone who can operate both strategically and tactically—developing policy one day and reviewing cloud configurations the next.

Responsibilities

  • Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans
  • Maintain and continuously improve the Information Security Management System (ISMS)
  • Create, review, and maintain core security policies, standards, and procedures
  • Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR)
  • Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities
  • Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions
  • Assess and provide guidance on secure AI adoption across the organisation, including AI-powered product features and internal AI tooling

Compliance & Certification

  • Maintain ISO 27001 certification and prepare for the 2027 recertification audit
  • Lead SOC 2 Type II readiness programme (target: 2026-2027), including gap analysis and control mapping
  • Ensure compliance with the EU/UK GDPR and with the data protection requirements of the other jurisdictions in which ApprovalMax operates (US, Australia, New Zealand, Canada, South Africa)
  • Collaborate with external DPO support provider on privacy-related matters and customer security questionnaires as needed

Cloud & Technical Security

  • Provide security oversight across Azure, AWS, and Google Workspace environments
  • Conduct access reviews and advise on identity and access management best practices
  • Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection)
  • Oversee VMware Workspace ONE MDM deployment and device security policies
  • Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles

Operational Security

  • Develop and maintain incident response plans and procedures
  • Lead incident response tabletop exercises and post-incident reviews
  • Provide guidance on business continuity and disaster recovery planning
  • Advise on vendor security assessments and third-party risk management

Awareness & Culture

  • Design and deliver company-wide security awareness training programmes
  • Mentor and upskill internal staff on security best practices
  • Foster a security-first culture across all departments
  • Act as a trusted advisor to leadership on emerging threats and security trends

Stakeholder Engagement

  • Report regularly to the CTO on security posture, risks, and programme progress
  • Prepare board-level security presentations as required (infrequent)
  • Support commercial teams by contributing to customer security discussions when escalated

Qualifications

  • 8+ years of progressive experience in information security, with at least 3 years in a CISO, Head of Security, or senior security leadership role
  • Demonstrated experience in B2B SaaS environments, ideally in fintech, finance software, or similarly regulated industries
  • Proven track record of achieving and maintaining ISO 27001 certification
  • Experience preparing organisations for SOC 2 Type II certification
  • Hands-on experience securing cloud environments (Azure and/or AWS required; GCP a plus)
  • Experience with Google Workspace security configuration and administration
  • Background working with distributed, remote-first engineering teams

Technical Knowledge

  • Strong understanding of cloud security architecture, identity management, and zero-trust principles
  • Familiarity with secure software development lifecycle (SDLC) and DevSecOps practices
  • Knowledge of MDM solutions (VMware Workspace ONE experience preferred)
  • Understanding of API security and integration risk management
  • Practical experience with security tooling: SIEM, vulnerability scanners, endpoint protection, etc.
  • Awareness of AI/ML security risks, including secure AI adoption practices and emerging AI governance frameworks (desirable)

Compliance & Regulatory

  • Deep knowledge of ISO 27001:2022 requirements and audit processes
  • Familiarity with SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Privacy)
  • Understanding of the EU GDPR, the UK GDPR and Data Protection Act 2018, and international data transfer mechanisms (e.g. Standard Contractual Clauses and the UK International Data Transfer Agreement)
  • Awareness of regional requirements across EU, UK, US, Australia, New Zealand, Canada, and South Africa

Additional information

  • Growing international business with 10,000+ subscribers
  • Regular performance-based compensation reviews
  • 26 days paid time off
  • 1 additional day off for your Birthday
  • Remote office assistance
  • Service years recognition financial reward

Fractional Chief Information Security Officer employer: ApprovalMax

ApprovalMax is an exceptional employer that champions a dynamic work culture focused on innovation and employee growth. With a commitment to professional development, including regular performance-based compensation reviews and comprehensive security training, employees are empowered to thrive in their roles. The company's remote-first approach and generous benefits, such as 26 days of paid time off and recognition rewards, make it an attractive workplace for those seeking meaningful and rewarding employment in the fintech sector.

Contact Detail:

ApprovalMax Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land the Fractional Chief Information Security Officer role

✨Tip Number 1

Network like a pro! Reach out to your connections in the industry, attend relevant events, and engage with professionals on platforms like LinkedIn. We can’t stress enough how important it is to make those personal connections that could lead to job opportunities.

✨Tip Number 2

Prepare for interviews by researching the company inside out. Understand their products, culture, and recent news. When you apply through our website, you’ll have access to resources that can help you tailor your approach and stand out during the interview process.

✨Tip Number 3

Showcase your expertise! Bring examples of your past work, especially those that align with the role you're applying for. We recommend creating a portfolio or a presentation that highlights your achievements and how they relate to the job at ApprovalMax.

✨Tip Number 4

Follow up after interviews! A simple thank-you email can go a long way in keeping you top of mind. It shows your enthusiasm for the role and gives you another chance to reiterate why you’re the perfect fit. Remember, we’re here to support you through this journey!

We think you need these skills to ace the Fractional Chief Information Security Officer role

Information Security Strategy Development
ISO 27001 Certification Maintenance
SOC 2 Type II Readiness
Risk Assessment and Management
Cloud Security Oversight (Azure, AWS, Google Workspace)
Identity and Access Management Best Practices
Secure Software Development Lifecycle (SDLC)
DevSecOps Integration
Incident Response Planning
Security Awareness Training Design
Stakeholder Engagement and Reporting
GDPR Compliance Knowledge
Familiarity with MDM Solutions (VMware Workspace ONE)
Understanding of API Security
Experience with Security Tooling (SIEM, Vulnerability Scanners)

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in information security, especially in B2B SaaS environments. We want to see how your skills align with our needs at ApprovalMax!

Showcase Your Achievements: Don’t just list your responsibilities; share specific achievements that demonstrate your impact in previous roles. Whether it’s maintaining ISO 27001 certification or leading a SOC 2 readiness programme, we love to see results!

Be Clear and Concise: Keep your application straightforward and to the point. Use bullet points for easy reading and make sure to clearly outline your relevant experience and skills. We appreciate clarity as much as you do!

Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way for us to receive your details and ensures you’re considered for this exciting opportunity at ApprovalMax!

How to prepare for a job interview at ApprovalMax

✨Know Your Stuff

Make sure you’re well-versed in information security principles, especially those relevant to ISO 27001 and SOC 2. Brush up on your knowledge of cloud security, risk management, and compliance regulations like GDPR. This will not only help you answer questions confidently but also show that you're genuinely interested in the role.

✨Showcase Your Experience

Prepare specific examples from your past roles that demonstrate your ability to develop security strategies and lead teams. Highlight any hands-on experience you have with cloud environments like Azure or AWS, and be ready to discuss how you've successfully maintained certifications in previous positions.

✨Engage with the Team

Since this role involves collaboration across various departments, be prepared to discuss how you’ve worked with cross-functional teams in the past. Share examples of how you’ve fostered a security-first culture and mentored others in security best practices. This will show that you can effectively communicate and build relationships within the company.

✨Ask Smart Questions

At the end of the interview, don’t shy away from asking insightful questions about ApprovalMax’s current security posture, future plans for expansion, or their approach to emerging threats. This demonstrates your strategic thinking and genuine interest in contributing to their growth.
