Head of Security

🔥 0 minutes ago

🇬🇧 United Kingdom – Remote

⏰ Full Time

🔴 Lead

👮‍♂️ Cybersecurity / Security Engineer

🇬🇧 UK Skilled Worker Visa Sponsor

HICX

51 - 200 employees

Founded 2008

🤝 B2B

🏢 Enterprise

☁️ SaaS

HICX is a company specializing in supplier management solutions. It offers a comprehensive Supplier Information Management (SIM) platform that facilitates supplier onboarding, data management, compliance, and experience management. HICX delivers a seamless supplier experience by integrating data and workflows in a no-code, low-code environment, ensuring that suppliers can efficiently interact with businesses. This flexibility helps large enterprises tailor solutions without IT bottlenecks and offers a consistent and productive relationship with suppliers. HICX serves major global companies, helping them build strong and frictionless supply chains.

📋 Description

• Set up and drive the overall information security strategy.
• Own the ISMS standards and their adoption, ensuring compliance with company and external requirements including SOC 2 and ISO 27001.
• Organise and manage ISMS-related scheduled activities and drive continuous improvement of the ISMS.
• Contribute to security architecture and design decisions.
• Oversee security tooling such as EDR, SIEM, MFA, password managers, device management, and access review processes.
• Act as the primary escalation point, during and outside business hours, for all major security-related incidents and events.
• Coordinate and manage corrective actions and responses to security incidents.
• Own security documentation including policies, standards, exceptions, risk registers, and control evidence.
• Oversee the internal risk-assessment and audit programme, supporting internal and external audits, remediating findings, and tracking control improvements to closure.
• Support vendor and supplier risk management, including due diligence, sub-processor oversight, and security assessments.
• Own the access control process, validate and audit access across divisions and functions.
• Provide management reporting on risk posture, incidents, audit status, metrics, service trends, and improvement plans.
• Work with engineering, DevOps, HR, and customer-facing teams to embed controls into everyday processes.
• Drive ongoing security governance improvements.
• Address data privacy and data protection concerns, and manage responses to customer data privacy requests.
• Act as Data Protection Officer (DPO) for the organisation if and as required.
• Help enforce security policies, building adoption, embedding them in the company culture, and introducing regular checks on departmental compliance.
• Own and deliver security awareness training and campaigns to strengthen the security culture.
• Complete security-related sections of RFPs and customer questionnaires, build and maintain a security knowledge base, and provide assurance of the integrity, confidentiality, and availability of information owned, controlled, and processed by the organisation.
• Attend meetings with customers and prospects to provide insights into how HICX implements security across the organization.
• Manage a small team of IT support admins providing internal IT support to HICX employees and contractors.
• Act as the escalation point for complex IT issues, incidents, and problems requiring cross-team coordination.
• Ensure IT support activities align with security controls, access management, and acceptable use requirements.
• Oversee onboarding, offboarding, account lifecycle management, and device provisioning/deprovisioning.
• Own and maintain standard operating procedures and the operations platform.
• Help balance usability, cost, and security when selecting or renewing SaaS and IT tools.
• Carry out other reasonable duties as required by the Company.

🎯 Requirements

• Excellent track record of leading security audits; ISO 27001, SOC 2, Cyber Essentials Plus.
• Proven experience in a senior information security leadership role (Head of Security, Information Security Manager, or similar), ideally within a SaaS or technology business.
• Demonstrable experience building, operating, and maturing an ISMS, including achieving and maintaining SOC 2 and ISO 27001 certification.
• Strong, hands-on knowledge of security tooling and controls; EDR, SIEM, MFA, identity and access management, device/endpoint management, and vulnerability management.
• Solid understanding of cloud security (AWS, Azure, and Microsoft 365 admin suite).
• Experience leading end-to-end security incident response, including out-of-hours management of major incidents.
• Knowledge of UK GDPR/GDPR and global data protection laws, with experience acting as, or working closely with, a Data Protection Officer.
• Experience of third-party, vendor, and supplier risk management, including due diligence and sub-processor oversight.
• Experience completing customer security questionnaires and RFPs, maintaining a security knowledge base, and presenting security posture to customers and prospects.
• Excellent communication skills, with the ability to translate technical risk into clear business language for technical and non-technical audiences, including executives and customers.
• Strong leadership and people-management skills, with a track record of developing and motivating a small team.
• Pragmatic, risk-based mindset that balances security with business enablement, usability, and cost.
• Highly organised, self-motivated, and comfortable working autonomously within a fully remote, international team.
• Collaborative and influential, able to embed a strong security culture across the whole organisation.
• Relevant professional certification is desirable (e.g. CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor).
• Experience managing internal IT operations and a small IT support team, onboarding/offboarding, account lifecycle, device provisioning, and SaaS administration is desirable.

🏖️ Benefits

• Work from anywhere within the UK - we are a fully remote company.
• Private health insurance.
• Flexible PTO - We offer 25 days of paid holiday per year + England Bank Holidays.
• We celebrate special occasions with you - like your birthday! Additional PTO for all employees during their birthdays.
• Receive Competitive Pay - Our team makes sure to provide a highly competitive rate based on your skills and location.
• Work with a diverse, international team.
