At a Glance
- Tasks: Lead and build the information security function in a fast-growing tech environment.
- Company: Join Zinc, an innovative AI-native company scaling rapidly.
- Benefits: Competitive salary, dynamic work culture, and opportunities for professional growth.
- Other info: Work closely with senior leaders and drive security as a business enabler.
- Why this job: Shape the future of security at Zinc and make a real impact.
- Qualifications: 5+ years in information security with leadership experience; AI literacy is essential.
The predicted salary is between £80,000 and £100,000 per year.
This is a step-up role. We're not looking for someone who has already done this job at a mature enterprise - we're looking for someone who is ready to own it now: hands-on, curious, and comfortable with the AI-native ways of working that define how Zinc operates. If you want to build something, not just inherit it, this is the role for you.
Requirements:
- 5+ years in information security, with at least 2 years in a leadership or senior practitioner role - SOC management, security architecture, penetration testing, or engineering.
- Ready to step up - you've been a senior practitioner and you're ready to own the function.
- AI literate - you understand the security implications of LLMs, AI tooling, agentic workflows, shadow AI, and third-party SaaS risk. This is not optional at Zinc.
- High EQ - you'll inherit an existing team member who is professional, capable, and ambitious. How you lead that relationship matters more than your CV.
- Strong communicator - you'll be speaking to auditors, customers, and a non-technical leadership team. You need to translate risk into language that drives decisions.
- Compliance-aware, not compliance-driven - you understand the standards but you lead with risk, not box-ticking.
- Comfortable with ambiguity - the playbook is incomplete. You'll write it.
- (Desirable) Experience in a fast-growing global SaaS business.
- (Desirable) Familiarity with DevSecOps and secure development lifecycle practices.
- (Desirable) Relevant certifications (CISSP, CISM, or similar).
- (Desirable) Experience with cloud security (AWS, Azure, or GCP).
What the job involves:
- Zinc has grown to 150+ people, we're scaling fast, and our information security function needs to grow with us. We need to continue maturing our InfoSec function in line with our rate of growth.
- We're hiring a Head of Information Security - the person who will own this function, define what good looks like at Zinc's scale, and build the credibility internally and externally that our customers, partners, and regulators expect.
- You’ll report into our General Counsel and work closely with our AI & Automation lead, operating in an environment where security is understood as a business enabler, not a blocker.
- Establishing security maturity - your first 90 days are about understanding what good looks like at our stage and mapping the path to get there.
- AI security governance - you'll be in the room with our COO and AI lead regarding adoption decisions from day one.
- Incident management ownership - you're the lead on any material incident. Set up the playbooks, own the response.
- Building the function - you'll have one direct report, our InfoSec Manager. Your job is to define what this function needs to look like in 2-3 years, and start executing.
- Information security strategy - defining and owning the multi-year roadmap.
- Security architecture - reviewing and advising on technical design decisions, embedding security by design across products and platforms.
- Risk management - maintaining the risk register, identifying, prioritising, and tracking the things that actually matter.
- Compliance programmes - ISO 27001, SOC 2, and relevant sector standards; in close partnership with our Compliance team.
- Incident management - owning major incident response; first port of call in a crisis.
- Customer and supplier security - security questionnaires, diligence requests, contractual requirements.
- Third-party risk - vendor security assessment and ongoing monitoring.
- Security awareness - training, culture, getting the business to care.
- Budget - managing the InfoSec budget and investment cases, aligned to Zinc's risk profile.
Head of Information Security in London employer: Zinc Work
Zinc is an exceptional employer for those looking to make a significant impact in the field of information security. With a fast-paced, AI-native work environment, employees are encouraged to innovate and build from the ground up, fostering a culture of collaboration and growth. The company prioritises professional development, offering opportunities to lead and shape the future of its InfoSec function while working alongside a talented team in a supportive atmosphere.
StudySmarter Expert Advice🤫
We think this is how you could land Head of Information Security in London
✨Tip Number 1
Get your networking game on! Connect with folks in the industry, especially those already at Zinc or similar companies. A friendly chat can open doors and give you insights that a job description just can't.
✨Tip Number 2
Show off your hands-on experience! When you get the chance to chat with hiring managers, share specific examples of how you've built or improved security functions. We want to see your passion for creating something great!
✨Tip Number 3
Brush up on your communication skills. You'll need to explain complex security concepts to non-techies, so practice translating tech jargon into everyday language. This will help you stand out as a strong communicator.
✨Tip Number 4
Don't forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you're genuinely interested in being part of the Zinc team.
Some tips for your application 🫡
Show Your Hands-On Experience: We want to see that you've not just talked about security but have actually built and broken things. Highlight your practical experience in your application, especially in areas like SOC management or penetration testing.
Communicate Clearly: As a strong communicator, you’ll need to translate complex security risks into simple terms for non-technical folks. Make sure your application reflects your ability to convey important information clearly and effectively.
Emphasise Your Curiosity: We're looking for someone who's curious and ready to own the function. In your application, share examples of how you've tackled ambiguity and taken initiative in past roles. Show us you're ready to build something new!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates from our team.
How to prepare for a job interview at Zinc Work
✨Know Your Stuff
Make sure you brush up on your information security knowledge, especially around AI-native practices. Be ready to discuss your hands-on experience in SOC management, security architecture, and incident management. They want someone who can build and break things, so have some examples ready!
✨Show Your Leadership Skills
This role is all about owning the function and leading a team. Think about how you've managed relationships in the past, especially with existing team members. Prepare to share how you would approach leading a capable and ambitious individual while fostering a positive team dynamic.
✨Communicate Clearly
You’ll need to translate complex security risks into language that resonates with non-technical stakeholders. Practice explaining technical concepts in simple terms, as you'll be speaking to auditors, customers, and leadership. Clear communication is key!
✨Embrace Ambiguity
Zinc is looking for someone comfortable with an incomplete playbook. Be prepared to discuss how you’ve navigated uncertainty in previous roles and how you plan to establish security maturity in a fast-growing environment. Show them you’re ready to write the playbook!