Head of Information Security

Aurora is a fast-growing, software-focused global business. We are looking for an experienced Head of Information Security to shape and deliver the next phase of our Information Security strategy. This is a high-impact leadership role at the centre of Aurora’s continued growth as a global, data-rich and increasingly software-led business.

You will lead and evolve our Information Security function, ensuring that security strategy, governance, controls and culture remain effective, proportionate, and aligned to business priorities. You will work closely with senior leaders and operational teams across the business to ensure that security is embedded into how Aurora builds products, operates services, protects information, supports clients and scales internationally. This role requires a leader who can combine strategic judgement, strong technical credibility and pragmatic delivery.

You will help Aurora make sound risk-based decisions, strengthen cyber resilience, and support the continued evolution of Aurora’s wider security and compliance operating model. The successful candidate will thrive in a creative and intellectually stimulating environment, enjoy a high degree of autonomy, and have the opportunity to make a significant contribution to our digital strategy and long-term resilience.

• Define, maintain and evolve Aurora’s Information Security strategy, roadmap and target operating model to support business growth, product development and international expansion.
• Lead and develop the Information Security function, building organisational capability through a combination of central leadership, cross-functional influence and clear ownership across the business.
• Lead Information Security governance, risk and assurance activities, ensuring clear reporting, effective escalation and risk-informed decision-making at executive level.
• Maintain Aurora’s Information Security risk management framework and risk register, ensuring key risks are identified, prioritised, communicated and addressed appropriately.
• Provide assurance to internal and external stakeholders that Aurora’s security controls are effective, proportionate and aligned to business, customer and regulatory requirements.
• Lead security assurance and certification activities, including ISO 27001, SOC 2, and related audit readiness, while contributing to the continued evolution of Aurora’s wider security and compliance operating model.
• Partner with Legal and other relevant stakeholders on data protection, customer and supplier due diligence, contractual security commitments and third-party risk management.
• Help define how security responsibilities and capabilities are allocated across Aurora’s technology, legal/compliance and business functions, ensuring clear accountability, effective challenge and strong delivery.
• Drive security by design across Aurora’s products, platforms, systems and infrastructure, working closely with engineering and technology leaders to embed secure architecture, secure development lifecycle practices and appropriate technical controls.
• Strengthen capabilities across core security domains including identity and access management, privileged access, vulnerability management, incident response, disaster recovery, data protection, security awareness and supplier security.
• Work closely with stakeholders at all levels of the organisation, including operational teams such as People & Culture, Business Infrastructure & Operations and Finance, to support audits, evidence gathering, control improvement and the effective adoption of security requirements across the organisation.
• Lead response to significant information security incidents, acting as a senior decision-maker during crisis situations and driving post-incident learning and improvement.
• Build a strong, pragmatic security culture across the organisation through effective awareness, engagement, coaching and leadership.
• Manage the Information Security budget, financial forecasts and investment cases, ensuring that spend is aligned to Aurora’s risk profile and strategic priorities.
• Provide trusted advice and challenge to senior stakeholders on emerging risks and opportunities, including those related to AI adoption, shadow IT, cloud services and evolving regulatory expectations.

• Significant leadership experience in Information Security, Cyber Security, or a closely related role within a technology-led, software-oriented and internationally operating business.
• Strong technical credibility and sound judgement across key security domains, with sufficient depth to guide strategy, challenge decisions and work effectively with specialist software engineering and IT teams.
• Broad experience across areas such as product/application security, cloud/infrastructure security, identity and access management, incident response, vulnerability management and security governance.
• Proven experience developing and delivering an Information Security strategy in a way that balances risk reduction, business enablement and operational pragmatism.
• Strong experience leading security risk assessments, threat modelling, incident management and remediation of security weaknesses in a structured, risk-based way.
• Significant experience managing external audits, customer assurance and recognised security standards/certifications such as ISO 27001 and SOC 2.
• Experience influencing senior stakeholders and communicating clearly at executive level, including the ability to translate technical risk into clear business decisions and trade-offs.
• Able to lead effectively through subject-matter experts, building strong partnerships with engineering, IT and business leaders to drive security outcomes across a shared-responsibility model.
• A pragmatic, delivery-oriented mindset, with the judgement to know when to stay strategic and when to be hands-on.
• Excellent communication, collaboration and relationship-building skills, with the ability to work effectively across technical, operational and non-technical functions, and to engage confidently with stakeholders at different levels of seniority.
• Strong problem-solving skills, sound judgement and a bias for action.

• Experience in a fast-growing global software or SaaS business.
• Experience embedding security by design / DevSecOps practices into software engineering and platform teams.
• Experience supporting security requirements for enterprise customers, regulated sectors or complex supplier ecosystems.
• Familiarity with emerging security challenges around AI adoption, shadow AI, API security and third-party SaaS risk.
• Experience operating in an environment with multiple international offices and evolving regulatory requirements.

• Private Medical Insurance
• Dental Insurance
• Parental Support
• Salary-Exchange Pension
• Employee Assistance Programme (EAP)
• Local Oxford Discounts
• Cycle-to-work Scheme
• Flu Jabs

The Company is committed to the principle that no employee or job applicant shall receive unfavourable treatment on grounds of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage or civil partnership, pregnancy, and maternity.