Director of Security in London

PolyAI automates customer service through lifelike voice assistants that let customers lead a conversation. Our voice assistants make it possible for businesses to deliver outstanding customer service that rivals their human agents. Our customers, which include the world’s leading logos, are expanding how they use our platform, driving automation of critical customer service operations and integrating PolyAI into their daily customer service workflows.

We're looking for a technically strong security leader to own PolyAI's security function end-to-end. This is a hands-on role — you'll be expected to investigate incidents yourself, configure tooling directly, and earn credibility with our engineering org through technical depth, not just seniority. You'll start with one Security Engineer and scale deliberately.

What You'll Own

• Security strategy and roadmap — covering cloud infrastructure, AI/LLM pipelines, voice and telephony stack, and application security.
• Hands-on incident response — owning the playbook and running it; able to diagnose what happened without relying on engineering to interpret.
• Compliance program — SOC 2 Type II, ISO 27001, GDPR, and readiness for HIPAA and PCI DSS as we expand into healthcare and financial services.
• Architecture reviews — embedded in engineering and product decisions before deployment, not after; covering AI integrations, CCaaS partnerships, and third-party model supply chain.
• Security tooling — direct ownership of SIEM, MDM, IAM, secrets management, and endpoint protection.
• Customer security reviews — leading security due diligence.
• Security culture — practical training and awareness programmes; security that enables velocity rather than slowing it.

What You'll Bring

• Significant hands-on security experience — you've been in the technical weeds, not just in the governance layer.
• Cloud and application security depth (AWS, GCP, or Azure) — hard requirement.
• Experience securing engineering organisations at scale; able to review IaC, read code, and write a fix when needed.
• Strong compliance track record: SOC 2, ISO 27001, NIST; HIPAA/PCI working knowledge a plus.
• Leadership capability — can build and run a small team while remaining a strong individual contributor.
• Clear communicator: translates technical risk into business impact for executive and board audiences.

Nice to Have

• AI/ML security experience: prompt injection, model supply chain risk, LLM inference security.
• Voice or telephony security background: SIP, PSTN, real-time audio infrastructure.
• M&A security due diligence experience.
• CISSP, CISM, or CISA certification.

We offer competitive compensation based on experience, expertise, and the level of responsibility. This role also includes equity, giving you the opportunity to share in the long-term success of the business. The listed expectations reflect what we're hiring for, so we encourage you to review the job description carefully.

Benefits

• Participation in the company’s employee share options plan.
• Tenure-Based PTO: You will receive 25 holidays when you join and will gain an additional 1 day after 2 years of service, then 1 day each year until capped at 32 holidays.
• Flexible working from home policy.
• Work from outside of the UK for up to 6 months each year.
• TELUS Health EAP 24/7 - offers you and your chosen family confidential, judgment-free support for any work, health, or life challenge.
• Enhanced parental leave.
• Bike2Work scheme.
• Annual learning and development allowance.
• We’re all about making WFH work for you - that’s why we offer a one-off WFH allowance when you join. Offering perks like noise-cancelling headphones or a comfortable desk chair to boost your comfort and focus!
• Company-funded fertility and family-forming programmes.
• Menopause care programme with Maven.
• Private healthcare and dental cover, discounts on gym members and relaxation apps, and access to a range of mental health programs.
• Sabbatical Program: 5-week paid sabbatical available after 5 years of employment.

At PolyAI, we take great pride in our values - they guide everything we do. We believe that a strong culture leads to meaningful work and lasting impact. Our core values are:

• Only the best - We expect the best from our people, we hire people that expect the best from themselves, and we nurture this drive for excellence.
• Ownership - We care deeply about what we do. We take ownership of our initiatives, decisions and outcomes.
• Relentlessly improve - We demand more from ourselves and are always evolving. Continuous, obsessive improvement is the only way we will transform the world of conversational AI.
• Bias for action - Our world moves quickly and so do we. We take calculated risks and we deliver impact fast.
• Disagree and commit - We are all working toward the same goal. If we don’t agree with something, we work hard to understand it and when a decision is made, we accept it and give it our all.
• Build for people - We want the world to enjoy the experiences they have with us. We are building for a future that prefers automation.

PolyAI is proud to be an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment decisions at PolyAI will be based on the business needs without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, neurodiversity status or disability status.

Kindly find the Privacy Notice for our recruitment process by following the link here. This document provides important information regarding how we handle your personal data throughout the recruitment journey.