CrawlJobs Logo

Head of Information Security, Risk and Compliance

United Kingdom, Thame 110000.00 GBP / Year · Job Posted February 13, 2026
Apply Position
Job Link Share

Job Description

Senior leadership position within the IT Operations team. The primary mission is to reduce security risks through robust controls that align with Travelodge’s commercial strategy.

Job Responsibility

  • Strategic Leadership: Develop a continuously evolving security roadmap and "defence in depth" strategy
  • manage both internal teams and strategic third-party partners
  • Operational Management: Oversee 24x7x365 security operations, including continuous monitoring, threat assessment, incident response (CIRT)
  • Risk & Compliance: Develop and maintain an industry-standard Risk Management framework
  • ensure compliance with PCI-DSS, GDPR, and NIST frameworks
  • Governance & Policy: Maintain Information Security policies and conduct regular audits of processes and controls
  • Technical Oversight: Coordinate vulnerability management, penetration testing, and code reviews
  • provide "Secure by Design" architectural guidance for all new initiatives
  • Supply Chain & Budget: Manage a portfolio of security vendors to ensure value and responsiveness
  • oversee the OPEX and CAPEX budgets that enable your function to operate and continuously improve
  • Business Integration: Act as a trusted advisor to senior leadership and collaborate with Project Delivery to ensure risk reduction is baked into every project as well as BAU Operations
  • Testing and Readiness: Lead company-wide staff awareness, testing and education campaigns, as well as regular audits, scenario-based testing and penetration testing

Requirements

  • Certifications: CCSP, CISSP-ISSMP, or CISM
  • Methodologies: ITIL v4 Foundation
  • FAIR Risk Modelling
  • experience in Project Management or Business Change
  • Advanced Tech: Experience defining Zero Trust Architecture (ZTA) and implementing security controls within public cloud environments (IaaS/PaaS)
  • pragmatic, hands-on leader
  • master of communication
  • self-starter
  • technical expertise rooted in securing critical B2B and B2C eCommerce platforms, particularly within hosted and SaaS-heavy environments
  • expert-level knowledge of perimeter, cloud, network, and data security
  • proven track record of embedding industry frameworks like NIST, ISO27001, or CIS into a large-scale operation
  • strong commercial acumen to navigate contract negotiations and vendor management

What we offer

  • Annualise Bonus
  • Car Allowance
  • Contributory pension scheme
  • 50% personal discount for hotel bookings and great friends and family discounts too
  • 25 days holiday + bank holidays, increasing with length of service
  • A focus on learning and career development

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Head of Information Security, Risk and Compliance

8 matching positions

Head of Security and Compliance

The Head of Security and Compliance will be responsible for building and leading...
Location
Location
United States
Salary
Salary:
Not provided
eightsleep.com Logo
Eight Sleep
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8-10+ years of experience in security engineering, with deep expertise in mobile app security, IoT device security, or cloud infrastructure security
  • Proven expertise in cybersecurity, cloud infrastructure security (AWS), IoT device security, and corporate risk management
  • Experience in consumer technology, health tech, or regulated industries is highly desirable
  • Strong knowledge of compliance standards (SOC 2, ISO 27001, HIPAA, GDPR, etc.)
  • Excellent communication and stakeholder management skills
  • Ability to balance risk with business agility in a fast-paced startup environment
Job Responsibility
Job Responsibility
  • Oversight and implementation, operation and monitoring of information security tools and processes in customer production environments
  • Responsible for conducting IT risk assessments, documenting identified threats and maintaining risk register
  • Communicates information security risks to executive leadership
  • Reports information security risks annually to Eight Sleep leadership and gains approvals to bring risks to acceptable levels
  • Define and own Eight Sleep’s end-to-end security strategy across cloud, product, corporate, and customer environments
  • Serve as the primary security advisor to the executive team—translating risk into clear business decisions and helping set the company’s security posture and risk tolerance
  • Build and scale Eight Sleep’s security program, including roadmap, processes, metrics, and future team structure
  • Oversee security architecture and practices for software, cloud infrastructure, connected devices (IoT), and data storage
  • Ensure compliance with security frameworks (e.g., SOC 2, GDPR, HIPAA)
  • Lead vulnerability management, threat detection, and incident response
What we offer
What we offer
  • Equity participation
  • Periodic equity refreshments based on performance
  • Every Eight Sleep employee receives a Pod
  • Fulltime
Read More
Arrow Right

Head of Governance, Risk and Compliance - CISO function - BPL

The Head of GRC leads the pillar responsible for ensuring the organisation under...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • CISM, CRISC, or CISSP certification
  • Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation
  • ISO 27001 Lead Auditor or Lead Implementer certification
  • PCI QSA or Internal Security Assessor (ISA) qualification
  • Previous experience in FinTech, Digital Banking, Payment Acquiring organisation
  • Experience with Visa GACS and Mastercard SDP acquirer compliance programmes
  • Significant experience of progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment
  • Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments
  • Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR)
  • Understanding of cloud-native architectures and their implications for compliance and risk management
Job Responsibility
Job Responsibility
  • Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements
  • Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ETL)
  • Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters
  • Own the third-party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk-assessed with a tiered approach proportionate to data access and criticality
  • Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT
  • Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle
  • Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms
  • Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships
  • Own the risk assessment calendar, ensuring both cyclical and event-driven assessments are executed on schedule with appropriate rigour
  • Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time-bound, approved at the appropriate authority level, and reviewed before expiry
What we offer
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Global Head of Cyber Risk and Compliance

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi i...
Location
Location
United States , Irving, Texas, United States, New York, New York, United States
Salary
Salary:
250000.00 - 500000.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
Job Responsibility
Job Responsibility
  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
What we offer
What we offer
  • Discretionary and formulaic incentive and retention awards
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime
Read More
Arrow Right

Head of Information Security

The Head of Information Security is a senior technical leadership role. The role...
Location
Location
Poland , Kraków
Salary
Salary:
Not provided
content.perkinelmer.com Logo
PerkinElmer
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Engineering, or related field
  • 5+ years of experience in technical cybersecurity roles
  • Proven experience leading enterprise-scale security engineering and operations teams
Job Responsibility
Job Responsibility
  • Own the enterprise security architecture across network, endpoint, cloud, identity, and application domains
  • Define technical security standards, reference architectures, and engineering patterns
  • Lead the selection, deployment, and lifecycle management of security platforms and tooling
  • Embed security-by-design into infrastructure, cloud, and application initiatives
  • Lead Security Operations (SOC / SecOps), including detection, response, and operational resilience
  • Own vulnerability management, threat intelligence, and security telemetry
  • Drive continuous improvement in detection, automation, and response effectiveness
  • Lead the Cybersecurity Incident Response Team (CIRT)
  • Act as technical incident commander during major security incidents
  • Own investigation, containment, eradication, and recovery activities
What we offer
What we offer
  • Private healthcare including dental care
  • Life and long-term disability insurance
  • MyBenefit Cafeteria system
  • Multisport Card
  • Social Fund Subsidies
  • Home Office allowance
  • Tuition reimbursement
  • Referral awards
  • Internal career development opportunities in multiple business areas
  • Day off to celebrate your birthday
Read More
Arrow Right

Head of Information Security

This is a strategic leadership role which is responsible for leading the transfo...
Location
Location
United Kingdom , Milton Keynes or London
Salary
Salary:
Not provided
triarecruitment.com Logo
TRIA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Significant leadership experience in enterprise information and cyber security roles, ideally within complex or regulated environments
  • Proven success in leading strategic reviews and transformations of security toolsets, platforms, and operating models
  • Deep technical knowledge of security controls across hybrid cloud, infrastructure, endpoint, and user environments
  • Practical experience delivering cyber security best practices across network, infrastructure, BYOD, web, and cloud services
  • Strong working knowledge of governance and compliance frameworks including ISO 27001, NIST CSF, GDPR, and Cyber Essentials+
  • Demonstrable ability to communicate complex security concepts to non-technical audiences, including board-level stakeholders
Job Responsibility
Job Responsibility
  • Lead the transformation and modernisation of the cyber and information security capabilities
  • Shape and execute a security strategy that aligns with the companies' digital ambitions and evolving risk landscape
  • Lead a complete strategic review of the security landscape, including tools, processes, risk postures, and cultural readiness
  • Report to the board and advise on cyber risk, threats, and mitigation strategies
  • Translate security insights into executive-level communications, influencing investment and change roadmaps
  • Fulltime
Read More
Arrow Right

Head of Risk & Compliance

Giacom is looking for a Head of Risk & Compliance who will take the lead in deve...
Location
Location
United Kingdom , Nelson
Salary
Salary:
Not provided
giacom.com Logo
Giacom
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrable prior experience in risk management, ideally in a regulated sector (Telecoms, Utilities, etc.)
  • Proven experience designing and leading an effective ERM and compliance framework in a medium/large organisation
  • Understanding of Health & Safety obligations and the ability to embed effective, risk‑based Health & Safety practices across the organisation
  • Able to translate complex risk‑management concepts into clear, accessible insights for colleagues, investors, and non‑executive Board members, and be recognised as a subject matter expert
  • Ability to build strong relationships and secure buy‑in across the business
  • Deep experience conducting risk assessments across strategic, operational, financial and compliance risks
  • Skilled in developing KRIs, assessing controls, and producing high‑quality management and Board reporting
  • A highly organised, structured, and proactive approach to managing a varied and demanding workload
Job Responsibility
Job Responsibility
  • Lead the Group’s risk management strategy, setting the framework that enables smart, proportionate, business‑friendly risk management
  • Partner with the Executive and senior leadership team to embed a strong, practical risk culture that supports growth and accountability
  • Own all risk reporting to the Board and Executive Committee, ensuring clarity, quality, and strategic insight
  • Facilitate the identification, assessment, and management of risks within our agreed appetite, ensuring mitigation where required
  • Lead on information security governance, ISO27001 compliance, data protection, business continuity, insurance, supplier compliance, and health & safety
  • Provide a strong second line monitoring and assurance function
  • Lead our legal and regulatory compliance programme, including Ofcom, TMBS and global communications regulations
  • Oversee incident reporting, breach investigations, root cause analysis, and regulator engagement
  • Develop, coach, and inspire the Risk & Compliance team leveraging in‑house specialists and external experts (including smart use of AI‑based tools)
  • Manage the Risk & Assurance Committee and Compliance Committee secretariat
What we offer
What we offer
  • Competitive package including car allowance and discretionary bonus
  • Flexible working
  • Investment in your future career with a variety of learning and development opportunities
  • No dress code - embrace the freedom to bring your whole self to work
  • 25 days annual leave, plus bank holidays. You'll even get your birthday off, too!
  • A pension plan for your future
  • Complimentary refreshments in all our offices
  • Fulltime
Read More
Arrow Right

Head of Enterprise Risk Management

Enable business strategy, protect clients, and embed and steward a strong risk c...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
socialvalueportal.com Logo
Social Value Portal Ltd
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Risk Management, Finance, Economics, Actuarial Science, or a related discipline
  • Professional qualifications in risk or insurance (IRM Diploma, CII Advanced Diploma)
  • Excellent management skills with the ability to influence and manage a team of professionals
  • Accomplished relationship manager
  • Readily able to influence and negotiate at senior levels within the business
  • Ability to manage time, meet deadlines, and prioritise
  • Motivational skills, team worker as well as able to work on own initiative
  • Ability to work under pressure and to tight deadlines
  • Change management skills – have a track record for designing and implementing robust change management to review and improve existing practices and procedures
  • General commercial and financial knowledge
Job Responsibility
Job Responsibility
  • Implement, maintain, and raise awareness of the Enterprise Risk Framework, including: Corporate Risk Profile
  • Risk Appetite
  • Risk Taxonomy
  • Control Environment
  • Key Risk Indicators
  • and Governance
  • Develop, implement, and maintain effective enterprise, emerging and operational risk frameworks across the group
  • Develop, implement and maintain effective 2nd Line control assurance methodologies, plans and processes
  • Lead the ongoing development of our GRC system, supporting processes and enhancements in the control environment
  • Maintain risk policies and standards, develop suitable KRIs and other relevant risk metrics
  • Fulltime
Read More
Arrow Right

Head - Risk Management & Compliance Gdc

This role requires a deep understanding of the Indian banking and financial serv...
Location
Location
India , Mumbai
Salary
Salary:
Not provided
https://www.randstad.com Logo
Randstad
Expiration Date
July 11, 2026
Flip Icon
Requirements
Requirements
  • At least 5–7 years of relevant experience in banking, financial services, or other regulated environments, with demonstrated involvement in IT governance, risk, controls, or regulatory compliance
  • Strong knowledge in banking business, products, and regulations as prescribed by RBI and other applicable authorities
Job Responsibility
Job Responsibility
  • This role requires a deep understanding of the Indian banking and financial services landscape, local regulatory expectations (including RBI guidelines), and international best practices in banking technology and information security. This role reports to the CEO of the Indian Branch and works closely with senior management, business heads, and the bank’s global technology and information security functions to ensure technology capabilities are aligned with strategic priorities, operational resilience, and regulatory compliance
  • Fulltime
!
Read More
Arrow Right