At a Glance
- Tasks: Lead and manage Information Security initiatives across the UK and Europe.
- Company: Join Cabot, a dynamic company focused on security excellence and compliance.
- Benefits: Enjoy travel opportunities, professional development, and a collaborative work environment.
- Why this job: Be part of a leadership team shaping cybersecurity strategies and making a real impact.
- Qualifications: 12+ years in Information Security with strong leadership and communication skills required.
- Other info: Must have professional security certifications like CISSP, CISM, or CISA.
The predicted salary is between £72,000 and £108,000 per year.
An exciting opportunity has arisen for a Head of Information Security within Cabot. This is a permanent role, with travel to Kings Hill, London, and within Europe required.
Job Purpose
To act as the primary Information Security business partner in the UK and Europe for all Cabot security activities. The role involves prioritizing activities to ensure the effectiveness of Information Security and Cybersecurity controls, working with risk and control owners to evaluate control design, effectiveness, and standards. Key focus areas include compliance, operational performance, and enterprise information and cyber risk. The individual must balance these elements while aligning with the Global InfoSec strategy and objectives. The Head of Information Security will also plan for new requirements and work with business leaders to meet the goals of Encore and Cabot securely and compliantly.
Key Accountabilities & Responsibilities
- Member of the Encore InfoSec leadership team, supporting Cabot Group
- Responsible for the security service quality provided to Business Units from internal, shared, and external resources
- Manage executive reporting and strategic decision-making/communications
- Support BU leaders with specific InfoSec responsibilities, including UK FCA SMCR and Ireland CBI SEAR compliance, through effective risk management and issue escalation
- Ensure timely resolution of risk events, audit, risk, and compliance actions
- Deliver regulatory responsibilities, including completing required training and documentation for Fitness and Propriety activities
- Manage and develop direct and matrixed team members, inspiring excellence and supporting daily responsibilities
- Maintain awareness of emerging cybersecurity insurance requirements and prioritize related maturity activities
- Support ongoing programs aligning with ISO 27001, SOC2, PCI, SOX404, GDPR, CCPA, and other regional requirements
- Track progress against enterprise security strategy and goals
- Collaborate with CISO, IT Risk, Compliance, and the InfoSec Program Office to develop governance and compliance strategies
- Advise and educate stakeholders on InfoSec trends and technologies
- Coordinate security risk metrics and measurements across Business Units
- Oversee internal and customer security assessments to ensure policy and control compliance
- Collaborate with IT and business teams to ensure security controls are effective and functioning as intended
- Support the CISO in consolidating and harmonizing security policies, standards, processes, and tools
Person Specification
- 12+ years in Information Security, preferably in leadership roles with executive and board reporting experience
- 10+ years experience in security policy areas like ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others
- 7+ years in IT audit, risk management, and compliance within Information Security
- Ability to translate technical risk into business risk and communicate impacts effectively
- Strong analytical, technical, and assessment skills
- Excellent organizational and documentation skills
- Strong project management skills highly desired
- Proven ability to manage priorities and work independently in a dynamic environment
- Strong business acumen to balance value and risk
- Excellent communication skills for technical and non-technical audiences, including executives
- Ability to develop and document policies, standards, and guidelines
- Professional security or compliance certifications such as CISSP, CISM, or CISA are required or achievable
Head of Information Security employer: Encore Capital Group
Contact Detail:
Encore Capital Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Head of Information Security
✨Tip Number 1
Network with professionals in the Information Security field, especially those who have experience in leadership roles. Attend industry conferences or webinars to connect with potential colleagues and learn about the latest trends and challenges in cybersecurity.
✨Tip Number 2
Familiarise yourself with the specific compliance frameworks mentioned in the job description, such as ISO 27001 and GDPR. Being able to discuss these frameworks in detail during interviews will demonstrate your expertise and readiness for the role.
✨Tip Number 3
Prepare to showcase your experience in managing teams and projects effectively. Think of examples where you led initiatives that improved security measures or compliance, as this will highlight your leadership capabilities.
✨Tip Number 4
Stay updated on emerging cybersecurity threats and insurance requirements. Being knowledgeable about current issues will allow you to engage in meaningful discussions during interviews and show that you are proactive in your approach to information security.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in Information Security, especially leadership roles. Emphasise your familiarity with compliance standards like ISO, NIST, and GDPR, as well as your ability to communicate technical risks to non-technical audiences.
Craft a Compelling Cover Letter: In your cover letter, express your passion for Information Security and how your background aligns with the role's responsibilities. Mention specific achievements that demonstrate your ability to manage security services and collaborate with business leaders.
Highlight Relevant Certifications: Clearly list any professional security or compliance certifications you hold, such as CISSP, CISM, or CISA. If you are working towards these certifications, mention that as well, as it shows your commitment to professional development.
Showcase Leadership Experience: Detail your experience in managing teams and projects within Information Security. Provide examples of how you've inspired excellence and supported team members in achieving their goals, as this is crucial for the Head of Information Security role.
How to prepare for a job interview at Encore Capital Group
✨Understand the Role Thoroughly
Before the interview, make sure you have a deep understanding of the Head of Information Security role. Familiarise yourself with the key responsibilities and accountabilities mentioned in the job description, such as compliance with regulations like ISO 27001 and GDPR, and be prepared to discuss how your experience aligns with these requirements.
✨Showcase Your Leadership Experience
Given that this role involves managing teams and collaborating with various business units, be ready to share specific examples of your leadership experience. Highlight instances where you've inspired excellence in your team or successfully managed cross-functional projects, especially in high-pressure environments.
✨Prepare for Technical Questions
Expect technical questions related to information security frameworks and compliance standards. Brush up on your knowledge of ISO, NIST, and other relevant policies. Be prepared to explain how you would approach risk management and compliance challenges, translating technical risks into business impacts.
✨Communicate Effectively with Diverse Audiences
Since the role requires communication with both technical and non-technical stakeholders, practice articulating complex security concepts in simple terms. Prepare to demonstrate your excellent communication skills by discussing how you've effectively communicated security strategies to executives or non-technical teams in the past.