Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead and enhance our cybersecurity framework while managing a high-performing security team.
- Company: Dynamic tech company focused on innovative security solutions.
- Benefits: Competitive salary, hybrid work model, and opportunities for professional growth.
- Why this job: Make a real impact in shaping our security strategy and protecting vital information.
- Qualifications: Proven experience in information security leadership and strong understanding of regulatory standards.
- Other info: Join a culture of continuous improvement and achieve Cyber Essentials Plus within your first year.
The predicted salary is between 80000 - 100000 £ per year.
As Head of Information Security, you will be accountable for building, maintaining, and continuously improving a proportionate, risk-based cybersecurity framework aligned to NIST CSF 2.0. This is a hybrid leadership and technical delivery role: while governance, assurance, and influencing across the business are critical, you will also roll up your sleeves to implement and oversee technical security controls where necessary. You will lead the security strategy, risk management, and compliance initiatives, working closely with IT, Engineering, Product, and third-party partners, while reporting regularly to the CTO, CEO and executive team on risk posture and security priorities.
What You’ll Do:
- Lead the development and operation of our information security program in line with NIST CSF 2.0.
- Own and manage an active risk management framework, ensuring risks are identified, assessed, treated, and monitored.
- Report security posture and key risks clearly to CTO, CEO and executive leadership.
- Define and oversee technical security controls across identity, endpoint, cloud, and network environments.
- Govern outsourced security services (e.g., MDR/SOC) to ensure effective detection, response, and remediation.
- Define and implement a vulnerability management programme.
- Lead incident response planning, testing, and lessons-learned processes.
- Embed security into the delivery lifecycle and ensure secure practices across teams.
- Develop and maintain security awareness programs and training for staff.
- Manage and mentor a high-performing security team including an ISMS coordinator and security engineer, fostering a culture of continuous improvement.
- Achieve Cyber Essentials Plus within first 12 months.
- Maintain, and oversee information security and data governance policies, standards, and procedures.
- Provide oversight and assurance for third-party and supplier security risk management.
What We’re Looking For:
- Proven experience leading information security programs in a scaling or high-change environment.
- Deep understanding of regulatory standards (ISO 27001, NIS2, NIST CSF 2.0, PCI DSS, GDPR) and security frameworks.
- Strong understanding of modern cyber controls: IAM, endpoint security, vulnerability management, cloud security, logging, monitoring, and secure delivery practices.
- Experience managing outsourced security services (MDR/SOC) and vendors.
- Strong leadership, influence, and stakeholder management skills within a matrix delivery model.
- Ability to operate at both strategic and hands-on levels.
Desirable: CISSP, CISM, CISA, or relevant cloud/security technical certifications.
Head of Information Security employer: CyberNorth
Contact Detail:
CyberNorth Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Head of Information Security
✨Tip Number 1
Network like a pro! Get out there and connect with folks in the cybersecurity field. Attend industry events, webinars, or even local meetups. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Create a portfolio or a personal website where you can showcase your projects, achievements, and any relevant certifications. This is a great way to demonstrate your expertise in information security and make a lasting impression.
✨Tip Number 3
Prepare for interviews by brushing up on your knowledge of NIST CSF 2.0 and other regulatory standards. Be ready to discuss how you've implemented security frameworks in past roles. We want to see your hands-on experience shine through!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team and contributing to our mission in information security.
We think you need these skills to ace Head of Information Security
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the job description. Highlight your experience with NIST CSF 2.0 and any relevant security frameworks. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can lead our security strategy. Keep it engaging and personal, so we get a sense of who you are.
Showcase Your Leadership Skills: Since this role involves leading a team, make sure to highlight your leadership experience. Share examples of how you've managed teams or projects in the past, especially in high-change environments. We love seeing that hands-on approach!
Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of applications and ensures you don’t miss out on any important updates. Plus, it’s super easy!
How to prepare for a job interview at CyberNorth
✨Know Your Frameworks
Make sure you’re well-versed in NIST CSF 2.0 and other relevant standards like ISO 27001 and GDPR. Brush up on how these frameworks apply to risk management and security controls, as you’ll need to demonstrate your understanding during the interview.
✨Showcase Your Leadership Skills
Prepare examples of how you've led information security initiatives in previous roles. Highlight your experience in managing teams and influencing stakeholders, especially in a hybrid environment where both governance and technical skills are crucial.
✨Be Ready for Technical Questions
Expect to dive into specifics about modern cyber controls such as IAM, endpoint security, and vulnerability management. Be prepared to discuss how you’ve implemented these controls and the outcomes of those initiatives.
✨Demonstrate Continuous Improvement Mindset
Talk about how you foster a culture of continuous improvement within your team. Share any experiences where you’ve developed security awareness programs or led incident response planning, showing that you’re proactive about enhancing security practices.