Director of Information Security in Newmarket

Reports to: Chief Executive Officer

Location: Hybrid - Newmarket - 2 days on site, 2 days WFH

Hours: 32 hours across a 4-day week (no salary sacrifice)

Salary: £80,000 - £90,000

Product: Group Level, Wonde, Evouchers & Secure Schools

Who we are and what is important to us:

Beyond unifies three technology-driven brands, Wonde, Evouchers and Secure Schools. Each brand shares a vision to reduce the friction of adapting technology, to help customers navigate an often overwhelming area and provide powerful solutions that make their everyday life easier. The three brands run independently with the autonomy to continue to prosper although as part of the Beyond team, you’ll join a wider, supportive environment where you’ll be able to pull on the expertise and capabilities of the group. We do not limit ourselves to standing still. We look ahead and strive to disrupt the sector we operate in. We believe technology should not be complicated or overwhelming. It should do what it says - quickly, safely and efficiently.

Job snapshot:

As our Director of Information Security, you will be responsible for all aspects of security, governance, and risk management across Beyond. This is a hands-on leadership role for a seasoned security expert with deep expertise in modern technology environments and cloud infrastructure. You will bring experience in enabling the secure use of AI, managing financial fraud and regulatory compliance, ensuring data protection, and supporting rapidly scaling businesses. Working closely with cross-functional teams, you will establish and maintain a robust security posture while enabling growth and innovation.

What you’ll be doing:

• Define, develop, and implement a comprehensive information security strategy that supports Beyond’s growth while safeguarding assets, data, and systems.
• Actively oversee and participate in the design, implementation, and management of security & privacy controls, systems, and tools, across the global markets we operate in.
• Oversee and influence all aspects of our governance, risk, and compliance (GRC) frameworks.
• Identify, assess, and manage risks associated with our IT business's operations, ensuring appropriate measures are in place to mitigate potential threats.
• Establish and manage a robust incident response plan, including the ability to handle and remediate security & privacy breaches and vulnerabilities in real time.
• Work closely with engineering and DevOps teams to integrate security & privacy best practices into the development lifecycle, infrastructure, and architecture.
• Work closely with the Data Protection Officer to ensure that data protection, security and compliance are part of a culture throughout the Beyond group.
• Continuously evaluate and enhance vulnerability management programs, performing risk assessments, security testing, and recommending mitigation strategies.
• Build, mentor, and lead a security and data privacy team to support our security ambitions.
• Act as a key point of contact for internal stakeholders and external auditors, vendors, and clients regarding security-related matters.
• Promote a culture of security and data protection compliance throughout the group through training, awareness programs, and regular updates on best practices and emerging threats.
• Plan and manage departmental budgets and closely monitor spend.

Requirements

What we’re hoping you’ll bring:

• Proven experience in information security, including leadership roles in fast-paced, scale-up, or tech-driven environments.
• Strong technical background with deep knowledge of security technologies, tools, and best practices.
• CISSP, CISM, CEH, CIPP/E or equivalent certifications.
• Extensive knowledge of security and data privacy regulations.
• Understanding of FCA regulatory requirements and compliance expectations.
• Demonstrated experience in leading security initiatives and teams.
• Proven experience in managing complex security incidents and implementing remediation strategies.
• Familiarity with cloud-native security, container security, DevSecOps practices, and modern SaaS environments.
• Experience in high-growth or scale-up companies.
• Knowledge of software development lifecycle (SDLC) security best practices.
• Experience working with third-party security vendors and service providers.
• Strategic thinker with the ability to make informed decisions quickly.
• Excellent communication and interpersonal skills.
• Passion for learning and keeping up with evolving security trends and threats.
• Strong analytical and problem-solving skills.

Benefits

What you’ll get:

• 4-day working week
• Flexible working schedule/work-from-home opportunities
• On-site gym facilities at HQ
• Buying and selling holiday scheme
• Additional holiday for length of service
• Employee-assisted programme
• Group life assurance (Death in service)
• Will-writing assistance scheme
• Company pool cars at HQ
• Payroll giving scheme
• Health cash plan, covering everyday health treatments
• On-site trained mental health and well-being champions
• Monthly lunch club
• Discounted retail vouchers via employee savings platform
• Comprehensive wellness programmes
• Enhanced maternity, paternity and adoption benefits
• Electric car scheme & on-site EV charging
• Cycle to Work Scheme
• Eye examination scheme
• Financial contribution to the setup of work-from-home environments
• Use of new and leading technology in the form of Apple products
• Frequent company-funded social events
• Office closure between Christmas & New Year
• Access to continuous learning and development opportunities
• Comprehensive employee referral scheme
• Casual Dress Code
• Free healthy snacks & barista coffee

In addition to the above, you’ll have access to our ‘take your pick’ benefits scheme, which is tailored specifically to you.

If you're selected, we'll guide you through the following checks as part of our offer process:

• DBS Check: Verification of criminal records.
• Right to Work: Confirmation of legal work eligibility.
• References: Automated verification based on HMRC records.

We're excited about finding the right person for this position! With the dynamic market conditions, we're not setting a fixed application deadline. We encourage you to apply as soon as possible.

At Beyond, we celebrate diversity and are committed to being an equal-opportunity employer. We welcome candidates from all walks of life. If you need any accommodations during the application process, please don't hesitate to call or email us.