Head of Information Security

Full-Time | 95000 - 95000 £ / year (est.) | Home office (partial)

At a Glance

  • Tasks: Lead and develop Zinc's information security function as we scale rapidly.
  • Company: Join a fast-growing tech company focused on innovative data ownership solutions.
  • Benefits: Enjoy 24 days holiday, early finish Fridays, and a £1200 annual benefits allowance.
  • Other info: Dynamic role with excellent growth opportunities and a supportive team culture.
  • Why this job: Shape the future of InfoSec in an AI-native environment and make a real impact.
  • Qualifications: 5+ years in InfoSec with leadership experience; AI literacy is a must.

The predicted salary is between 95000 - 95000 £ per year.

Zinc has grown to 150+ people, we're scaling fast, and our information security function needs to grow with us. We need to continue maturing our InfoSec function in line with our rate of growth. That changes now.

We're hiring a Head of Information Security - the person who will own this function, define what good looks like at Zinc's scale, and build the credibility internally and externally that our customers, partners, and regulators expect. You'll report into our General Counsel and work closely with our AI & Automation lead, operating in an environment where security is understood as a business enabler, not a blocker.

This is a step-up role. We're not looking for someone who has already done this job at a mature enterprise - we're looking for someone who is ready to own it now: hands-on, curious, and comfortable with the AI-native ways of working that define how Zinc operates. If you want to build something, not just inherit it, this is the role for you.

WHAT YOU WILL FOCUS ON FIRST

  • Establishing security maturity - Zinc is scaling fast, and we need our InfoSec function to keep pace. Your first 90 days are about understanding what good looks like at our stage and mapping the path to get there.
  • AI security governance - Zinc is AI‑native, which is an opportunity and a responsibility. You'll be in the room with our COO and AI lead regarding adoption decisions from day one.
  • Incident management ownership - you're the lead on any material incident. Not managing every P3/P4, but the name at the top of the escalation when it matters. Set up the playbooks, own the response.
  • Building the function - you'll have one direct report, our InfoSec Manager. Your job is to define what this function needs to look like in 2‑3 years, and start executing.

Key Responsibilities

  • Information security strategy - defining and owning the multi‑year roadmap
  • Security architecture - reviewing and advising on technical design decisions, embedding security by design across products and platforms
  • Risk management - maintaining the risk register, identifying, prioritising, and tracking the things that actually matter
  • Compliance programmes - ISO 27001, SOC 2, and relevant sector standards; in close partnership with our Compliance team
  • Incident management - owning major incident response; first port of call in a crisis
  • AI security governance - partnering with our AI & Automation lead on safe AI adoption at Zinc
  • Customer and supplier security - security questionnaires, diligence requests, contractual requirements
  • Third‑party risk - vendor security assessment and ongoing monitoring
  • Security awareness - training, culture, getting the business to care
  • Budget - managing the InfoSec budget and investment cases, aligned to Zinc's risk profile

Skills, Knowledge and Expertise

  • 5+ years in information security, with at least 2 years in a leadership or senior practitioner role - SOC management, security architecture, penetration testing, or engineering. You've built things and broken things, not just written about them.
  • Ready to step up - you've been a senior practitioner and you're ready to own the function.
  • AI literate - you understand the security implications of LLMs, AI tooling, agentic workflows, shadow AI, and third‑party SaaS risk. This is not optional at Zinc.
  • High EQ - you'll inherit an existing team member who is professional, capable, and ambitious. How you lead that relationship matters more than your CV.
  • Strong communicator - you'll be speaking to auditors, customers, and a non‑technical leadership team. You need to translate risk into language that drives decisions.
  • Compliance‑aware, not compliance‑driven - you understand the standards but you lead with risk, not box‑ticking.
  • Comfortable with ambiguity - the playbook is incomplete. You'll write it.

Desirable

  • Experience in a fast‑growing global SaaS business
  • Familiarity with DevSecOps and secure development lifecycle practices
  • Relevant certifications (CISSP, CISM, or similar)
  • Experience with cloud security (AWS, Azure, or GCP)

What we offer

  • 24 days holiday + Bank Holidays + your birthday off
  • £1200 annual benefits allowance (ThanksBen, from month 2)
  • Early finish Fridays (16:00)
  • Yearly company retreat abroad
  • 30 days to work from anywhere
  • Enhanced Maternity, Paternity, and Adoption Leave (2 months full pay, then statutory)
  • Statutory pension with NEST (3% employer, 5% employee)
  • Zinc shares, issued through the EMI Scheme
  • Unlimited access to MoreHappi coaching
  • Company socials, quarterly team socials
  • Free Monday lunches
  • Nursery workplace benefit scheme (Yellownest)
  • Option to lease an electric car through Electric Car Scheme
  • Celebrated Zinc anniversaries

Head of Information Security employer: Zinc

Zinc is an exceptional employer that fosters a dynamic and innovative work culture, particularly for the Head of Information Security role. With a focus on employee growth and development, Zinc offers a range of benefits including generous holiday allowances, flexible working options, and opportunities for professional advancement in a fast-paced, AI-native environment. The company's commitment to building a supportive community is evident through regular team socials and unique perks like enhanced parental leave and wellness coaching, making it an attractive place for those seeking meaningful and rewarding employment.

Contact Details:

Zinc Recruitment Team

StudySmarter Expert Advice 🤫

We think this is how you could land Head of Information Security

Tip Number 1

Network like a pro! Get out there and connect with folks in the InfoSec community. Attend meetups, webinars, or even just grab a coffee with someone in the field. Building relationships can open doors that a CV just can't.

Tip Number 2

Show off your skills! If you’ve got hands-on experience, don’t be shy about it. Share your projects, write articles, or even create videos explaining complex security concepts. This not only showcases your expertise but also demonstrates your passion for the field.

Tip Number 3

Prepare for the interview like it’s a big game! Research Zinc’s current InfoSec practices and think about how you can contribute to their growth. Be ready to discuss your vision for the role and how you can help them scale securely.

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in being part of the Zinc team. Don’t miss out on this opportunity!

We think you need these skills to ace Head of Information Security

Information Security Strategy
Security Architecture
Risk Management
Compliance Programmes (ISO 27001, SOC 2)
Incident Management
AI Security Governance
Third-Party Risk Assessment

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter for the Head of Information Security role. Highlight your relevant experience in information security, especially any leadership roles you've had. We want to see how your skills align with what we're looking for at Zinc!

Show Your Passion for AI Security: Since we're an AI-native company, it's crucial to demonstrate your understanding of AI security implications. Share examples of how you've navigated AI-related challenges in your previous roles. This will show us you're ready to tackle the unique opportunities and responsibilities at Zinc.

Be Clear and Concise: When writing your application, keep it straightforward and to the point. Use clear language to explain your achievements and how they relate to the role. We appreciate strong communicators who can translate complex ideas into simple terms, so let that shine through!

Apply Through Our Website: We encourage you to submit your application directly through our website. This helps us streamline the process and ensures your application gets the attention it deserves. Plus, it's super easy to do - just follow the prompts and you'll be on your way!

How to prepare for a job interview at Zinc

Know Your InfoSec Fundamentals

Make sure you brush up on the core principles of information security, especially in relation to AI and cloud environments. Be ready to discuss how you would establish security maturity at Zinc and what good looks like for a fast-scaling company.

Showcase Your Leadership Style

Since this is a step-up role, it's crucial to demonstrate your leadership capabilities. Prepare examples of how you've built teams or functions in the past, and be ready to discuss how you plan to lead the existing InfoSec Manager and shape the function for the future.

Communicate Clearly and Effectively

You'll need to translate complex security concepts into language that resonates with non-technical stakeholders. Practice explaining risk management and compliance in simple terms, as you'll be interacting with auditors, customers, and the leadership team.

Prepare for Scenario-Based Questions

Expect questions about incident management and AI security governance. Think through potential scenarios you might face at Zinc and how you would handle them. This will show your readiness to take ownership and act decisively when it matters.