Head of Information Security in London

Zinc has grown to 150+ people, we're scaling fast, and our information security function needs to grow with us. We need to continue maturing our InfoSec function in line with our rate of growth. That changes now. We're hiring a Head of Information Security - the person who will own this function, define what good looks like at Zinc's scale, and build the credibility internally and externally that our customers, partners, and regulators expect. You’ll report into our General Counsel and work closely with our AI & Automation lead, operating in an environment where security is understood as a business enabler, not a blocker. This is a step-up role. We're not looking for someone who has already done this job at a mature enterprise - we're looking for someone who is ready to own it now: hands-on, curious, and comfortable with the AI-native ways of working that define how Zinc operates. If you want to build something, not just inherit it, this is the role for you.

WHAT YOU WILL FOCUS ON FIRST

• Establishing security maturity - Zinc is scaling fast, and we need our InfoSec function to keep pace. Your first 90 days are about understanding what good looks like at our stage and mapping the path to get there.
• AI security governance - Zinc is AI-native, which is an opportunity and a responsibility. You'll be in the room with our COO and AI lead regarding adoption decisions from day one.
• Incident management ownership - you're the lead on any material incident. Not managing every P3/P4, but the name at the top of the escalation when it matters. Set up the playbooks, own the response.
• Building the function - you'll have one direct report, our InfoSec Manager. Your job is to define what this function needs to look like in 2-3 years, and start executing.

Key Responsibilities

• Information security strategy - defining and owning the multi-year roadmap
• Security architecture - reviewing and advising on technical design decisions, embedding security by design across products and platforms
• Risk management - maintaining the risk register, identifying, prioritising, and tracking the things that actually matter
• Compliance programmes - ISO 27001, SOC 2, and relevant sector standards; in close partnership with our Compliance team
• Incident management - owning major incident response; first port of call in a crisis
• AI security governance - partnering with our AI & Automation lead on safe AI adoption at Zinc
• Customer and supplier security - security questionnaires, diligence requests, contractual requirements
• Third-party risk - vendor security assessment and ongoing monitoring
• Security awareness - training, culture, getting the business to care
• Budget - managing the InfoSec budget and investment cases, aligned to Zinc's risk profile

Skills, Knowledge and Expertise

• 5+ years in information security, with at least 2 years in a leadership or senior practitioner role - SOC management, security architecture, penetration testing, or engineering. You've built things and broken things, not just written about them.
• Ready to step up - you've been a senior practitioner and you're ready to own the function.
• AI literate - you understand the security implications of LLMs, AI tooling, agentic workflows, shadow AI, and third-party SaaS risk. This is not optional at Zinc.
• High EQ - you'll inherit an existing team member who is professional, capable, and ambitious. How you lead that relationship matters more than your CV.
• Strong communicator - you'll be speaking to auditors, customers, and a non-technical leadership team. You need to translate risk into language that drives decisions.
• Compliance-aware, not compliance-driven - you understand the standards but you lead with risk, not box-ticking.
• Comfortable with ambiguity - the playbook is incomplete. You'll write it.

Desirable:

• Experience in a fast-growing global SaaS business
• Familiarity with DevSecOps and secure development lifecycle practices
• Relevant certifications (CISSP, CISM, or similar)
• Experience with cloud security (AWS, Azure, or GCP)

What we offer

• Zinc offers a chance to work on a product that brings a fresh perspective on data ownership in hiring
• 24 days holiday + Bank Holidays + your birthday off
• £1200 annual benefits allowance (ThanksBen, from month 2)
• Early finish Fridays (16:00)
• Yearly company retreat abroad
• 30 days to Work from anywhere
• Enhanced Maternity, Paternity, and Adoption Leave (2 months full pay, then statutory)
• Statutory pension with NEST (3% employer, 5% employee)
• Zinc shares, issued through the EMI Scheme
• Unlimited access to MoreHappi coaching
• Company socials, quarterly team socials
• Free Monday lunches
• Nursery workplace benefit scheme (Yellownest)
• Option to lease an electric car through Electric Car Scheme
• Celebrated Zinc anniversaries