At a Glance
- Tasks: Lead and enhance our information security, risk management, and IT operations across a global team.
- Company: Join Duco, a pioneering tech firm transforming financial services with innovative solutions.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Be part of a dynamic team dedicated to redefining operational excellence in fintech.
- Why this job: Make a significant impact in a fast-paced environment while shaping the future of security.
- Qualifications: 8+ years in information security, with strong leadership and cloud security experience.
The predicted salary is between 70000 - 90000 £ per year.
Duco is empowering financial services to transform the work undertaken in Operations by automating manual work and elevating humans from task workers to decision makers. We do this with a combination of proprietary technique, innovative cloud computing, artificial intelligence technology, and deep subject matter expertise. Our agentic Operations platform gives firms the ability to unlock full end-to-end reconciliation, data trust and automation of their data, regardless of source, format or structure. By partnering with the industry's leading firms, we are helping to rethink operating models, increase efficiency, strengthen governance and regulatory compliance, reduce risk, streamline processes and build the workforce of the future. More than 10,000 users across 30+ countries process billions of data records every week using the platform. Duco is headquartered in London, with offices in New York, Wroclaw, Antwerp and Singapore. Customers include global banks, investment managers, exchanges and insurance firms, such as CIBC Mellon, ING and Man Group.
The role involves owning our end-to-end security posture, governing our risk and compliance programme, and leading our IT Operations function. This is a VP Level role with company-wide scope. With approximately 200 employees across London, New York, Wroclaw, Antwerp, and Singapore, we move fast, build with purpose, and hold ourselves to a high bar. As we scale, information security, governance, and IT operations sit at the heart of that ambition.
What you will be doing:
- Security architecture and engineering: Define security architecture standards and lead threat modelling across the organisation; establish and maintain long-term security architecture aligned to business strategy and regulatory requirements; guide technology decisions at an enterprise level, including cloud strategy and zero trust adoption; oversee penetration testing, DLP, and advanced threat detection programmes; own the vulnerability management programme; implement enterprise frameworks including IAM, SIEM, and data classification; anticipate emerging threats, leverage AI/ML for predictive security, and set the technology vision; lead the Security Incident Response Programme.
- Governance, risk, and compliance (GRC): Define and own the GRC programme, including the ISMS, policy framework, risk registers, and audit readiness; implement and maintain compliance with ISO 27001, SOC 1, SOC 2, NIST CSF, GDPR, and relevant financial services regulations; understand the GRC landscape, implement appropriate controls, and adapt as the threat and regulatory environment shifts; own execution of GRC strategy across the organisation; ensure frameworks are scalable and adaptable; own the Third Party Risk Management (TRPM) programme, including vendor assessments and ongoing oversight.
- IT operations: Define and own the IT Operations programme, setting strategy and standards for the function; own execution of IT Operations strategy; ensure operational excellence across infrastructure, tooling, and end-user support.
- Leadership and stakeholder management: Lead, mentor, and develop a high-performing team across InfoSec, GRC, and IT Ops; build strategic relationships with clients, regulators, and internal stakeholders; engage effectively with large, complex, and multi-national enterprise clients that have mission-critical operations requirements; recognise, influence, and resolve critical issues that may affect company direction; create strategies that cross organisational boundaries to achieve broad business goals; work with industry peers and working groups to develop solutions that benefit the wider market; act as a key partner to Duco's Client Success and Pre-Sales teams.
Core Competencies:
- Technical leadership: Proven track record of strategic impact at company-wide and industry-wide levels; recognised internally and externally as an InfoSec expert, with evidence of exceptional technical and people leadership.
- End-to-end ownership: Develop proven solutions and replicate them across teams; design systems and frameworks built to last; own execution of security, GRC, and IT Ops strategy; ensure frameworks are scalable, adaptable, and aligned to business strategy and executive-level risk expectations.
- Market knowledge: Deep understanding of the security and risk landscape across fintech and beyond; evaluate and integrate advanced security technologies and GRC best practices; act as a recognised industry leader through regulatory advisory groups and industry events.
- Scope and influence: Operate across all departments; build sponsorship for strategic initiatives and drive them through; influence executive peers, board decisions, and global regulatory compliance strategy.
What We Are Looking For:
- 8+ years of progressive experience in information security, with at least 3 years in a senior or leadership role.
- Hands-on experience owning ISO 27001 and SOC 1 and SOC 2 programmes.
- Demonstrated experience managing security incidents end-to-end, including client and regulatory communications.
- Strong understanding of cloud security, particularly AWS, including IAM, logging, and observability infrastructure.
- Experience operating in a B2B SaaS or fintech environment, with exposure to enterprise client security requirements.
- Track record of building and managing TPRM programmes at scale.
- Excellent stakeholder management skills; comfortable presenting to the board and to client security teams.
- Ability to make pragmatic decisions based on company culture and risk appetite.
- Strong written communication skills: able to translate complex security topics into clear, plain-language communications for non-technical audiences.
- Experience leading and developing a small, high-performing team.
- Familiarity with AI governance and the security implications of agentic AI systems.
Beneficial Experience:
- Experience with DLP, SIEM, or SOC build-outs.
- Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer.
- Experience in capital markets, asset management, or securities services.
Head of Information Security in London employer: Duco Technology Ltd
Duco is an exceptional employer that fosters a dynamic and innovative work culture, empowering employees to take ownership of their roles while driving meaningful change in the financial services sector. With a commitment to professional growth, Duco offers extensive opportunities for development and collaboration across its global offices, including London, where the Head of Information Security will play a pivotal role in shaping the company's security landscape. Employees benefit from a supportive environment that values creativity and strategic thinking, making it an ideal place for those looking to make a significant impact in a fast-paced, technology-driven industry.
StudySmarter Expert Advice🤫
We think this is how you could land Head of Information Security in London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Duco Technology Ltd, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Duco Technology Ltd
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Duco Technology Ltd. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Head of Information Security in London
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Duco Technology Ltd insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Duco Technology Ltd that you’re committed to staying ahead in the game.
How to prepare for a job interview at Duco Technology Ltd
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Duco Technology Ltd to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Duco Technology Ltd.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.
