This job has expired

Head of Information Security

Employer
Duco
Location
London, UK
Salary
Up to £110K base per annum, plus bonus and generous benefits
Closing date
16 Dec 2021

Sector
IT
Job Role
Cloud Security
Job Type
Permanent

When was the last time you felt really appreciated at work?

Information Security is a tough arena, and not fully understood in every company.  But risk management is increasingly vital in the age of cloud technology, which is why Duco values its InfoSec folks and genuinely appreciates what they do.  In fact, our employees recently voted one of them Employee of the Month.  

A high-profile role, with huge potential, in a fast-growing company:

At Duco, we help customers solve their toughest data problems with our intuitive software.  Simple as that.  Founded in 2013, the company has grown to 160 employees across London, Edinburgh, New York, Singapore and Wroclaw, and is still expanding fast.  Our customer base already includes many of the world's leading financial institutions, and the product is so successful we are now developing into other key global markets.  

We're looking for an experienced Head of Information Security to help us navigate this high-growth phase and beyond. You’ll be leading the evolution of the information security roadmap, and developing and maturing the organisation through practices, processes and tooling, as well as partnering with global colleagues at all levels to embed InfoSec into Duco’s culture.

What you’ll be doing day to day:

  • Lead Duco’s information security program, encompassing both the Duco platform and, more broadly, the organisation’s information handling
  • Bring thought leadership to the organisation, designing and leading the organisation's information security roadmap and maturity evolution 
  • Partner with the commercial organisation to efficiently support revenue growth
  • Actively contribute as a leader within the organisation, to support the company scaling and achieving our Enterprise strategy 
  • Manage compliance activities to maintain assurance certifications (ISO27001, SOC2, and SOC1) and compliance with contractual obligations 
  • Work with internal stakeholders to risk assess changes, new projects, vendors, suppliers, and applications 
  • Collaborate across Duco to foster a strong security posture and embed this within the culture to enable the growth of practices and enhance governance across the organisation 
  • Support the Legal team in reviewing security requirements within customer contracts to ensure applicability and appropriateness to Duco 
  • Coordinate and manage the response to information security incidents
  • Undertake periodic governance reporting to Executive and Senior Management on the status of Duco’s information security program 
  • Plan budget allocation and financial forecasting related to information security
  • Manage and support the information security team’s technical and personal development

A caring employer and great culture:

We put people first - always - so we ensure everyone has a voice in what we do and how we do it. Regardless of role or seniority, we value all opinions and input. We communicate honestly, whether the news is good or bad, and share knowledge and successes.  Our philosophy is always to support, not micromanage. This approach is why our Glassdoor feedback reflects 90% of our people would recommend us as an employer, and 99% approve of the CEO.  Not bad, huh?

A very compelling reward package:

  • Competitive base salary, reviewed annually.  The starting range will be £90 - £110K p/a
  • Annual success-share bonus scheme to reward your efforts in supporting Duco’s success
  • Equity investment scheme
  • Unlimited holiday policy, because we trust our people to manage their own time off
  • Flexible working options, including hybrid working and flexible hours
  • Enhanced family leave provisions e.g. maternity and paternity leave and pay
  • Annual budget for personal learning and development opportunities 
  • Spot rewards, so we can say thanks when you do a really great bit of work
  • Healthcare and eyecare schemes
  • Pension scheme with 5% employer contributions 
  • Cycle to work and tech purchase schemes 
  • Employee Assistance Programme, for extra support if times get tough
  • Annual home working allowance to help make your personal space comfortable 

Interested? Great! We would love to hear from you if you have:

  • Proven experience in information security, within a similar level role
  • Industry level certifications such as CISSP, CISM, CRISC, etc. or equivalent
  • Experience in leading an information security department, including providing direction, support, influence and mentoring 
  • ISO27001 certification, and experience in managing SOC2/SOC1 audits
  • Ability to engage with internal and external customers to discuss, understand and contextualise their information security requirements 
  • Strong understanding of DevSecOps and cloud computing concepts, processes and controls 
  • Exceptional organisational skills and proven ability to drive positive change 

Bonus points if you have:

  • Experience of applying information security within a software development/SaaS organisation 
  • Experience supporting cloud-based platforms, including technologies and services such as Amazon AWS, CloudWatch, CloudTrail, GuardDuty, Infrastructure as Code, GitOps, EKS/Kubernetes, Containers, ELK, and Terraform
  • Knowledge of commercial security offerings from multiple vendors

Important note!

At Duco, we believe in developing potential, so we’re not necessarily looking for 'the perfect candidate' with gold medals and superpowers. Even if you don’t have every single thing listed above, if you think you could be great for this role then please do apply.

A final note about COVID-19 and our hiring process: 

We’re helping to prevent the spread of COVID-19 by continuing to work mostly remotely. Interviews will therefore be carried out mainly by video conference. Our hiring process is usually four stages, including an initial conversation, a competency test and final-stage interviews.

So that’s us.  And you.  Want to talk...?  