Head of IT Security in London

Who We Are: At Omaze, we give our community in the UK and Germany the chance to win luxury homes and other life-changing prizes — all while raising money for the causes they love. Thanks to our Omaze Community, we’ve raised over £100 million for UK charities in just five years. That’s millions helping organisations like Age UK, the RSPCA, British Heart Foundation and Great Ormond Street Hospital Charity deliver life-saving work. And the best part? We’re only just getting started. Omaze is building a business and culture committed to growth and creating significant social impact on a global scale.

About The Job: We’re looking for a Head of Security to take ownership of Omaze’s end-to-end security posture at a pivotal moment in our growth. As we scale, expand into new territories, and mature our operational foundations, security is moving from a shared responsibility to a critical, business-wide priority. Right now, it sits across Engineering and IT — but we need a dedicated leader to bring it together into a clear, structured, and scalable programme. This is a rare opportunity to build a security function from the ground up. You’ll define our strategy, implement the right controls, and establish the frameworks we need to support our next stage — from ISO 27001 certification to investor scrutiny. You’ll be just as comfortable operating at board level as you are rolling up your sleeves to get things done. At Omaze, everyone is hands-on — including our exec team — and this role is no exception.

What You’ll Be Doing:

• Owning Omaze’s security posture end-to-end across AWS, SaaS platforms, and employee devices
• Building and delivering a company-wide security strategy aligned to our growth, IPO readiness, and regulatory landscape
• Leading our ISO 27001 certification journey, including gap analysis, roadmap creation, and delivery
• Establishing and embedding a robust Information Security Management System (ISMS)
• Designing and implementing a formal GDPR and data protection programme
• Defining and owning our incident response plan — and leading response during security events
• Working with IT in MDM processes and strengthening endpoint security across the business
• Conducting security reviews across our infrastructure and tooling (AWS, Google Workspace, Slack, Shopify, Stripe, etc.)
• Owning relationships with external partners (e.g. auditors, pen testers, security vendors)
• Bringing clarity and visibility to risk through regular board-level reporting
• Building a strong security culture through awareness, education, and practical guidance
• Laying the foundations for a future security team

About You: You’ve operated in a senior security leadership role (Head of, Director, or similar), ideally in a high-growth or scaling tech environment. You’re experienced in building security programmes from scratch — not just maintaining them. You’ve successfully led or been deeply involved in ISO 27001 certification. You’re comfortable balancing strategic thinking with hands-on execution. You understand the realities of GDPR and data protection in a consumer-focused business. You’ve worked in environments preparing for major milestones like IPO, enterprise expansion, or regulatory scrutiny. You can confidently communicate with senior stakeholders, including execs, investors, and auditors. You’re pragmatic — you know how to prioritise and deliver impact without overcomplicating things. You’re naturally collaborative and can influence across Engineering, Product, Legal, and beyond. You care about building something meaningful and want to have a real impact on how we scale.

What’s In It For You: Generous stock options scheme, 25 days annual leave PLUS Bank Holidays, private medical and dental insurance, 9% employer pension contributions, when you contribute at least 2%, a generous personal learning and development budget each year to use on training courses, conferences and professional memberships, personal equipment budget to work from home, enhanced family leave policies, life assurance of 4x your salary.

DEI Statement: We actively seek out diversity of thought and experience to drive innovation. We welcome all backgrounds, identities, and perspectives and work hard to ensure that every Omaze employee can bring their authentic self to work at all times.