At a Glance
- Tasks: Lead and develop Zinc's information security function as we scale rapidly.
- Company: Join a fast-growing tech company focused on innovative data ownership solutions.
- Benefits: Enjoy 24 days holiday, early finish Fridays, and a £1200 annual benefits allowance.
- Other info: Dynamic role with excellent growth opportunities and a supportive team culture.
- Why this job: Shape the future of InfoSec in an AI-native environment and make a real impact.
- Qualifications: 5+ years in InfoSec with leadership experience; AI literacy is a must.
The predicted salary is between 95000 - 95000 £ per year.
Zinc has grown to 150+ people, we're scaling fast, and our information security function needs to grow with us. We need to continue maturing our InfoSec function in line with our rate of growth. That changes now. We're hiring a Head of Information Security - the person who will own this function, define what good looks like at Zinc's scale, and build the credibility internally and externally that our customers, partners, and regulators expect. You’ll report into our General Counsel and work closely with our AI & Automation lead, operating in an environment where security is understood as a business enabler, not a blocker. This is a step-up role. We're not looking for someone who has already done this job at a mature enterprise - we're looking for someone who is ready to own it now: hands‑on, curious, and comfortable with the AI‑native ways of working that define how Zinc operates. If you want to build something, not just inherit it, this is the role for you.
WHAT YOU WILL FOCUS ON FIRST
- Establishing security maturity - understanding what good looks like at our stage and mapping the path to get there.
- AI security governance - partnering with our COO and AI lead regarding adoption decisions from day one.
- Incident management ownership - leading on any material incident and owning the response.
- Building the function - defining what this function needs to look like in 2‑3 years, and start executing.
Key Responsibilities
- Information security strategy - defining and owning the multi‑year roadmap.
- Security architecture - reviewing and advising on technical design decisions, embedding security by design across products and platforms.
- Risk management - maintaining the risk register, identifying, prioritising, and tracking the things that actually matter.
- Compliance programmes - ISO 27001, SOC 2, and relevant sector standards; in close partnership with our Compliance team.
- Incident management - owning major incident response; first port of call in a crisis.
- AI security governance - partnering with our AI & Automation lead on safe AI adoption at Zinc.
- Customer and supplier security - handling security questionnaires, diligence requests, and contractual requirements.
- Third‑party risk - vendor security assessment and ongoing monitoring.
- Security awareness - training, culture, getting the business to care.
- Budget - managing the InfoSec budget and investment cases, aligned to Zinc's risk profile.
Skills, Knowledge and Expertise
- 5+ years in information security, with at least 2 years in a leadership or senior practitioner role - SOC management, security architecture, penetration testing, or engineering.
- Ready to step up - you've been a senior practitioner and you're ready to own the function.
- AI literate - understanding the security implications of LLMs, AI tooling, agentic workflows, shadow AI, and third‑party SaaS risk.
- High EQ - leading an existing team member who is professional, capable, and ambitious.
- Strong communicator - translating risk into language that drives decisions.
- Compliance‑aware, not compliance‑driven - leading with risk, not box‑ticking.
- Comfortable with ambiguity - writing the playbook.
Desirable
- Experience in a fast‑growing global SaaS business.
- Familiarity with DevSecOps and secure development lifecycle practices.
- Relevant certifications (CISSP, CISM, or similar).
- Experience with cloud security (AWS, Azure, or GCP).
What we offer
- 24 days holiday + Bank Holidays + your birthday off.
- £1200 annual benefits allowance (ThanksBen, from month 2).
- Early finish Fridays (16:00).
- Yearly company retreat abroad.
- 30 days to Work from anywhere.
- Enhanced Maternity, Paternity, and Adoption Leave (2 months full pay, then statutory).
- Statutory pension with NEST (3% employer, 5% employee).
- Zinc shares, issued through the EMI Scheme.
- Unlimited access to MoreHappi coaching.
- Company socials, quarterly team socials.
- Free Monday lunches.
- Nursery workplace benefit scheme (Yellownest).
- Option to lease an electric car through Electric Car Scheme.
- Celebrated Zinc anniversaries.
Head of Information Security employer: Zinc Work Limited
Zinc is an exceptional employer that fosters a dynamic and innovative work culture, particularly for the Head of Information Security role. With a focus on employee growth and development, Zinc offers a range of benefits including 24 days holiday, early finish Fridays, and a generous annual benefits allowance, all while promoting a collaborative environment where security is seen as a business enabler. Located in London, this fast-growing company provides unique opportunities to shape the future of information security in an AI-native context, making it an ideal place for those looking to make a meaningful impact.
StudySmarter Expert Advice🤫
We think this is how you could land Head of Information Security
✨Tip Number 1
Network like a pro! Get out there and connect with people in the InfoSec field. Attend industry events, join relevant online forums, and don’t be shy about reaching out on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Prepare a portfolio that highlights your past projects and achievements in information security. This could include case studies, incident management examples, or even presentations you've given. When you get the chance to chat with potential employers, let your work speak for itself.
✨Tip Number 3
Be ready for the interview! Research Zinc’s current InfoSec challenges and think about how you can contribute. Prepare to discuss your vision for building the function and how you’d handle AI security governance. Show them you’re not just looking for a job, but you’re excited to help them grow.
✨Tip Number 4
Apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in being part of the Zinc team. Don’t forget to follow up after applying; a little persistence can go a long way!
We think you need these skills to ace Head of Information Security
Some tips for your application 🫡
Tailor Your CV:Make sure your CV reflects the skills and experiences that align with the Head of Information Security role. Highlight your leadership experience and any hands-on security projects you've tackled, especially in fast-growing environments like Zinc.
Craft a Compelling Cover Letter:Your cover letter is your chance to show us your personality and passion for the role. Explain why you're excited about building the InfoSec function at Zinc and how your background makes you the perfect fit for this challenge.
Showcase Your AI Knowledge:Since we're an AI-native company, it's crucial to demonstrate your understanding of AI security implications. Share examples of how you've navigated security challenges in AI contexts or how you plan to approach them at Zinc.
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows us you’re keen on joining the Zinc team!
How to prepare for a job interview at Zinc Work Limited
✨Know Your InfoSec Fundamentals
Make sure you brush up on the core principles of information security, especially in relation to AI and cloud environments. Be ready to discuss how you would establish security maturity at Zinc and what good looks like for a fast-scaling company.
✨Showcase Your Leadership Style
Since this is a step-up role, it's crucial to demonstrate your leadership capabilities. Prepare examples of how you've built teams or functions in the past, and be ready to discuss how you plan to lead the existing InfoSec Manager and shape the function for the future.
✨Communicate Clearly and Effectively
You'll need to translate complex security concepts into language that resonates with non-technical stakeholders. Practice explaining risk management and compliance in simple terms, as you'll be interacting with auditors, customers, and the leadership team.
✨Prepare for Scenario-Based Questions
Expect questions about incident management and AI security governance. Think through potential scenarios you might face at Zinc and how you would handle them. This will show your readiness to take ownership and act decisively when it matters.
