Head of Security

About the role

This is a new role at Eagle Eye, created to establish and grow a dedicated security function within the business. Reporting to the Director of Operations, you will have the support of an experienced leader with deep technical and organisational knowledge, along with access to SRE, Customer Care, and Compliance teams as you build this function from the ground up. You will take ownership of security across the group, identifying security risks, translating them into actionable prevention or mitigation work, by working directly with our external partners and internal teams. You will also act as the central point of contact for all security-related matters, including client questionnaires and audits across the group. The role combines hands-on investigation and delivery with coordination across teams. Over time, you will help shape and evolve Eagle Eye’s security function as the business continues to scale.

Typical duties

• Security Ownership & Delivery: Act as the single owner for security across the Eagle Eye group, maintaining a clear, prioritised view of risks and remediation activity across infrastructure, applications, SaaS platforms, and operational processes. Own and manage a structured security backlog, ensuring issues are identified, triaged, prioritised, and progressed through to resolution using inputs from internal tooling and external partners. Work closely with Engineering, SRE, Product, and Customer Care teams to ensure security improvements are delivered in a practical and timely way, aligned to business priorities.
• Identity, Access & Platform Security: Own and evolve identity and access management across Google Cloud and SaaS platforms, improving how roles, permissions, and privileged access are structured, reviewed, and controlled. Ensure authentication and access controls are applied consistently across the organisation, strengthening governance, reducing unnecessary access, and improving visibility across all systems. Oversee the security of the SaaS estate and platform access, working with existing tooling and controls to ensure secure usage, device trust, and network access restrictions are applied effectively.
• Application, Data & External Security: Own the approach to securing application and API access, ensuring appropriate controls are in place to manage how internal and external users interact with the platform. Act as the primary point of contact for security-related queries from clients and external stakeholders, supporting security questionnaires, due diligence processes, and audit requirements. Work closely with the Compliance Manager to strengthen information security processes, policies, and controls, ensuring alignment with standards such as ISO 27001 and supporting ongoing audit and certification activities. Manage day-to-day relationships with third-party security partners, ensuring findings and recommendations are understood, prioritised, and delivered internally. Budget ownership sits with the Director of Operations, but you will have significant influence over vendor selection, engagement scope, and prioritisation of third-party work.
• Group Alignment, Reporting & Continuous Improvement: Act as the central point of contact for security across the wider group, supporting alignment of security practices across acquired businesses and identifying opportunities to improve consistency in controls and processes. Provide clear visibility of security posture, risks, and progress, translating technical findings into actionable insights for stakeholders across the business. Identify opportunities to mature Eagle Eye’s security practices over time, introducing new processes, tooling, or capabilities as the business grows and the threat landscape evolves.

General responsibilities:

• Promote a culture of security awareness, ownership, and continuous improvement.
• Ensure security is embedded into day-to-day operations across the organisation.
• Balance risk reduction with business delivery.
• Act as the escalation point for high-priority security incidents raised by the SRE team supporting investigation and resolution. This is not a first-responder or on-call rota role, but you should be available for escalation when needed, with overtime paid for any out-of-hours involvement.
• Contribute to broader operational initiatives where security input is needed.

About you

You are a pragmatic, hands-on security professional who focuses on solving real problems. Comfortable working across multiple teams and influencing without authority. Able to prioritise based on risk and impact. An excellent communicator who can simplify complex topics. Collaborative, accountable, and focused on delivering outcomes over process. Comfortable operating as an individual contributor while building towards a function. English and French speaking (preferred).

You have:

• Strong experience in Cloud security (ideally within the Google Cloud Platform), Identity & Access Management (IAM), SaaS security, APIs and SSO.
• Comfortable writing scripts or using tooling to investigate vulnerabilities, automate security checks, and prototype solutions (e.g. Python, Bash, or similar).
• Experience working closely with engineering and operational teams.
• Proven ability to identify and reduce real-world security risk.
• Experience supporting audits, compliance, and security assurance activities across frameworks such as ISO 27001, SOC 2, and NIST, with familiarity with threat-led methodologies like MITRE ATT&CK and an awareness of emerging areas such as AI security.
• Experience in high-growth or complex environments.

Benefits:

• A competitive base salary.
• Bonus scheme with potential to earn up to 10% of salary dependent on your own personal behaviours, achievement of goals and company revenue targets.
• Hybrid working and the opportunity to travel for business.
• Generous annual leave package including 25 days paid annual leave and 5 days paid sick leave which if unused gets added to your annual leave the next year.
• Enhanced maternity/paternity leave and assistance in returning to work.
• Contributory pension.
• Support in continuous learning and self-development.
• Simplyhealth scheme including health care cash back, 24-hour access to virtual doctors appointments, and 24-hour employee assistance programme.
• Access to the paid Headspace app subscription.
• Mental Health First Aiders to support employee’s mental wellbeing.
• Employee Resource Groups focused on underrepresented groups in Eagle Eye, including Purple Women Charity Committee committed to organising events throughout the year to raise money for those less privileged.
• Cycle to work salary sacrifice scheme (via CycleScheme).
• Electric vehicle salary sacrifice scheme (via Octopus).
• A friendly, fun, growing team of people who work hard but love to play hard too, with bi-annual get-togethers.