Director of Information Security

Director of Information Security  

Reports to: Chief Executive Officer

Location: Hybrid - Newmarket - 2 days on site, 2 days WFH

Hours: 32 hours across a 4-day week (no salary sacrifice)

Salary: £80,000 - £90,000

Product: Group Level, Wonde, Evouchers & Secure Schools

Who we are and what is important to us:

Beyond unifies three technology-driven brands, Wonde, Evouchers and Secure Schools. 

Each brand shares a vision to reduce the friction of adapting technology, to help customers navigate an often overwhelming area and provide powerful solutions that make their everyday life easier. 

The three brands run independently with the autonomy to continue to prosper although as part of the Beyond team, you’ll join a wider, supportive environment where you’ll be able to pull on the expertise and capabilities of the group. 

We do not limit ourselves to standing still. We look ahead and strive to disrupt the sector we operate in. We believe technology should not be complicated or overwhelming. It should do what it says - quickly, safely and efficiently.

Job snapshot:

As our Director of Information Security, you will be responsible for all aspects of security, governance, and risk management across Beyond. This is a hands-on leadership role for a seasoned security expert with deep expertise in modern technology environments and cloud infrastructure. 

You will bring experience in enabling the secure use of AI, managing financial fraud and regulatory compliance, ensuring data protection, and supporting rapidly scaling businesses. Working closely with cross-functional teams, you will establish and maintain a robust security posture while enabling growth and innovation. 

What you’ll be doing:

• Define, develop, and implement a comprehensive information security strategy that supports Beyond’s growth while safeguarding assets, data, and systems. (Infrastructure, Physical and personnel)
• Actively oversee and participate in the design, implementation, and management of security & privacy controls, systems, and tools, across the global markets we operate in.
• Oversee and influence all aspects of our governance, risk, and compliance (GRC) frameworks. Ensuring we meet legislative, regulatory, contractual and industry standards such as ISO 27001, FCA Regulations, SOC 2, GDPR, and other relevant regulations.
• Identify, assess, and manage risks associated with our IT business's operations, ensuring appropriate measures are in place to mitigate potential threats.
• Establish and manage a robust incident response plan, including the ability to handle and remediate security & privacy breaches and vulnerabilities in real time.
• Work closely with engineering and DevOps teams to integrate security & privacy best practices into the development lifecycle, infrastructure, and architecture (cloud, hybrid, on-premises).
• Work closely with the Data Protection Officer to ensure that data protection, security and compliance are part of a culture throughout the Beyond group.
• Continuously evaluate and enhance vulnerability management programs, performing risk assessments, security testing, and recommending mitigation strategies.
• Build, mentor, and lead a security and data privacy team to support our security ambitions, ensuring continuous growth and professional development within the team.
• Act as a key point of contact for internal stakeholders (engineering, product, legal) and external auditors, vendors, and clients regarding security-related matters.
• Promote a culture of security and data protection compliance throughout the group through training, awareness programs, and regular updates on best practices and emerging threats.
• Plan and manage departmental budgets and closely monitor spend.