At a Glance
- Tasks: Lead security strategy and ensure compliance while supporting company growth.
- Company: Join ApprovalMax, a fast-growing fintech transforming finance management.
- Benefits: Competitive pay, remote work, 26 days off, and birthday leave.
- Other info: Opportunity for career growth and regular performance reviews.
- Why this job: Make a real impact on security in a dynamic, international environment.
- Qualifications: 8+ years in information security with leadership experience required.
The predicted salary is between £72,000 and £108,000 per year.
London, UK (employees can work remotely). Contract position: a permanent fractional engagement reporting to the CTO.
Company
ApprovalMax is redefining how finance teams manage the Money Out cycle, from purchase orders and supplier bills to employee expense management. Trusted by 18,000+ businesses worldwide, our platform automates financial controls, enables compliance, and supports scalable growth. At the end of 2024, ApprovalMax secured a £10 million growth investment from Yttrium, a leading European technology investor.
We are seeking an experienced Fractional CISO to provide hands-on security leadership as we evolve our security function to support continued growth and European expansion. This role is a permanent fractional engagement reporting to the CTO. You will own our information security strategy, maintain ISO 27001 certification, build our security roadmap, and prepare the organization for SOC 2 readiness in 2026-2027. The role requires the ability to operate both strategically and tactically, from policy development to reviewing cloud configurations.
Key Responsibilities
- Strategy & Governance
- Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans.
- Maintain and continuously improve the Information Security Management System (ISMS).
- Create, review, and maintain core security policies, standards, and procedures.
- Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR).
- Build and present a multi-year security roadmap with milestones, resource requirements, and priorities.
- Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions.
- Assess and provide guidance on secure AI adoption across the organization, including AI-powered product features and internal AI tooling.
- Compliance & Certification
- Maintain ISO 27001 certification and prepare for the 2027 recertification audit.
- Lead SOC 2 Type II readiness programme (target: 2026-2027), including gap analysis and control mapping.
- Ensure GDPR and data protection compliance across EU/UK/US/AU/NZ/CA/ZA.
- Collaborate with external DPO support provider on privacy matters and customer security questionnaires as needed.
- Cloud & Technical Security
- Provide security oversight across Azure, AWS, and Google Workspace.
- Conduct access reviews and advise on identity and access management best practices.
- Evaluate and guide security tooling (SIEM, vulnerability management, endpoint protection).
- Oversee VMware Workspace ONE MDM deployment and device security policies.
- Advise engineering teams on secure SDLC, DevSecOps, and application security.
- Operational Security
- Develop and maintain incident response plans and procedures.
- Lead incident response tabletop exercises and post-incident reviews.
- Provide guidance on business continuity and disaster recovery planning.
- Advise on vendor security assessments and third-party risk management.
- Awareness & Culture
- Design and deliver company-wide security awareness training.
- Mentor and upskill internal staff on security best practices.
- Foster a security-first culture across departments.
- Act as a trusted advisor to leadership on emerging threats and security trends.
- Stakeholder Engagement
- Report to the CTO on security posture, risks, and programme progress.
- Prepare board-level security presentations as required (infrequent).
- Support commercial teams by contributing to customer security discussions when escalated.
Qualifications
- 8+ years in information security, including at least 3 years in a CISO, Head of Security, or senior leadership role.
- Experience in B2B SaaS, fintech, finance software, or similarly regulated industries.
- Proven track record of achieving and maintaining ISO 27001 certification.
- Experience preparing organizations for SOC 2 Type II.
- Hands-on cloud security experience (Azure and/or AWS required; GCP a plus).
- Experience with Google Workspace security configuration and administration.
- Background working with distributed, remote-first engineering teams.
- Cloud security architecture, identity management, and zero-trust principles.
- Secure SDLC and DevSecOps practices.
- MDM solutions (VMware Workspace ONE preferred).
- API security and integration risk management.
- Security tooling: SIEM, vulnerability scanners, endpoint protection.
- Awareness of AI/ML security risks and governance frameworks (desirable).
- ISO 27001:2022 requirements and audit processes.
- SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Privacy).
- GDPR, UK Data Protection Act, and international data transfers.
- Regional requirements across EU, UK, US, Australia, New Zealand, Canada, and South Africa.
Benefits
- Growing international business with 10,000+ subscribers.
- Regular performance-based compensation reviews.
- 26 days paid time off.
- 1 additional day off for your Birthday.
- Remote office assistance.
- Service years recognition financial reward.
Employer: ApprovalMax (Fractional Chief Information Security Officer, London)
Contact: ApprovalMax Recruiting Team