Head of Information Security

Full-Time | 80000 - 100000 £ / year (est.) | No working from home possible
Zinc Work

At a Glance

  • Tasks: Lead and build Zinc's information security function in a fast-growing environment.
  • Company: Join a dynamic, AI-native tech company focused on innovation and security.
  • Benefits: Competitive salary, growth opportunities, and a chance to shape security strategy.
  • Other info: Work closely with senior leaders and influence security governance in a collaborative culture.
  • Why this job: Make a real impact by defining security at Zinc's scale and driving business enablement.
  • Qualifications: 5+ years in information security with leadership experience; AI literacy is essential.

The predicted salary is between 80000 and 100000 £ per year.

This is a step-up role. We're not looking for someone who has already done this job at a mature enterprise - we're looking for someone who is ready to own it now: hands-on, curious, and comfortable with the AI-native ways of working that define how Zinc operates. If you want to build something, not just inherit it, this is the role for you.

Requirements:

  • 5+ years in information security, with at least 2 years in a leadership or senior practitioner role - SOC management, security architecture, penetration testing, or engineering.
  • Ready to step up - you've been a senior practitioner and you're ready to own the function.
  • AI literate - you understand the security implications of LLMs, AI tooling, agentic workflows, shadow AI, and third-party SaaS risk. This is not optional at Zinc.
  • High EQ - you'll inherit an existing team member who is professional, capable, and ambitious. How you lead that relationship matters more than your CV.
  • Strong communicator - you'll be speaking to auditors, customers, and a non-technical leadership team. You need to translate risk into language that drives decisions.
  • Compliance-aware, not compliance-driven - you understand the standards but you lead with risk, not box-ticking.
  • Comfortable with ambiguity - the playbook is incomplete. You'll write it.
  • (Desirable) Experience in a fast-growing global SaaS business.
  • (Desirable) Familiarity with DevSecOps and secure development lifecycle practices.
  • (Desirable) Relevant certifications (CISSP, CISM, or similar).
  • (Desirable) Experience with cloud security (AWS, Azure, or GCP).

What the job involves:

  • Zinc has grown to 150+ people, we're scaling fast, and our information security function needs to grow with us. We need to continue maturing our InfoSec function in line with our rate of growth.
  • We're hiring a Head of Information Security - the person who will own this function, define what good looks like at Zinc's scale, and build the credibility internally and externally that our customers, partners, and regulators expect.
  • You’ll report into our General Counsel and work closely with our AI & Automation lead, operating in an environment where security is understood as a business enabler, not a blocker.
  • Establishing security maturity - your first 90 days are about understanding what good looks like at our stage and mapping the path to get there.
  • AI security governance - you'll be in the room with our COO and AI lead regarding adoption decisions from day one.
  • Incident management ownership - you're the lead on any material incident. Set up the playbooks, own the response.
  • Building the function - you'll have one direct report, our InfoSec Manager. Your job is to define what this function needs to look like in 2-3 years, and start executing.
  • Information security strategy - defining and owning the multi-year roadmap.
  • Security architecture - reviewing and advising on technical design decisions, embedding security by design across products and platforms.
  • Risk management - maintaining the risk register, identifying, prioritising, and tracking the things that actually matter.
  • Compliance programmes - ISO 27001, SOC 2, and relevant sector standards; in close partnership with our Compliance team.
  • Incident management - owning major incident response; first port of call in a crisis.
  • Customer and supplier security - security questionnaires, diligence requests, contractual requirements.
  • Third-party risk - vendor security assessment and ongoing monitoring.
  • Security awareness - training, culture, getting the business to care.
  • Budget - managing the InfoSec budget and investment cases, aligned to Zinc's risk profile.

Head of Information Security employer: Zinc Work

Zinc is an exceptional employer for those looking to make a significant impact in the field of information security. With a fast-paced, AI-native work environment, employees are encouraged to innovate and build from the ground up, fostering a culture of collaboration and growth. The company prioritises professional development, offering opportunities to lead critical initiatives while working alongside a talented team, all within a supportive atmosphere that values communication and risk management.

Contact Details:

Zinc Work Recruitment Team

StudySmarter Expert Advice 🤫

We think this is how you could land Head of Information Security

Tip Number 1

Get your networking game on! Connect with folks in the industry, especially those already at Zinc or similar companies. A friendly chat can open doors and give you insights that a job description just can't.

Tip Number 2

Show off your hands-on experience! When you get the chance to chat with hiring managers, share specific examples of how you've built or improved security functions. We want to see your passion for creating something great!

Tip Number 3

Brush up on your communication skills. You'll need to explain complex security concepts to non-techies, so practice translating technical jargon into everyday language. This will help you stand out as a strong communicator.

Tip Number 4

Don't forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you're genuinely interested in being part of the Zinc team.

We think you need these skills to ace Head of Information Security

Information Security Management
SOC Management
Security Architecture
Penetration Testing
AI Literacy
High Emotional Intelligence (EQ)
Strong Communication Skills

Some tips for your application 🫡

Show Your Hands-On Experience: We want to see that you've built and broken things in the info security space. Highlight your practical experience, especially in leadership roles, and don’t shy away from sharing specific examples of your hands-on work.

Communicate Clearly: As a strong communicator, you’ll need to translate complex security concepts into simple language. Make sure your application reflects this skill; clarity is key when you're talking to non-technical folks or auditors.

Emphasise Your Curiosity: We're looking for someone who's curious and ready to own the function. In your application, express your eagerness to learn and adapt, especially in the fast-paced world of AI and security.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for this exciting opportunity at Zinc!

How to prepare for a job interview at Zinc Work

Show Your Hands-On Experience

Make sure to highlight your practical experience in information security. Talk about specific projects where you've built or broken systems, and how that hands-on approach has shaped your understanding of security challenges.

Demonstrate AI Literacy

Since Zinc is AI-native, it's crucial to discuss your understanding of AI security implications. Be prepared to explain how you would manage risks associated with LLMs and third-party SaaS tools, showcasing your ability to navigate this modern landscape.

Communicate Effectively

You'll need to translate complex security concepts into language that resonates with non-technical stakeholders. Practice explaining risk management and compliance in straightforward terms, as this will be key in your interactions with auditors and leadership.

Embrace Ambiguity

Zinc is looking for someone who can thrive in an incomplete playbook environment. Share examples of how you've successfully navigated uncertainty in previous roles, and outline your approach to defining and executing a security strategy from scratch.