Home › Companies › Duco › Head of Information Security

Head of Information Security

Duco · Barbican, London, City of, EC1M 7AN, United Kingdom · Active · BambooHR

Job facts

Field	Value
Company	Duco
Title	Head of Information Security
Normalized title	-
Department / team	Infosec
Location	Barbican, London, City of
Work model	-
Employment type	Full Time
Salary	-
Status	active
ATS provider	BambooHR
Posted / first seen	2026-06-10 / 2026-06-11
Changed / last seen	2026-06-11 / 2026-06-18

Related slices

Page	What it contains	Open
Company jobs	Active postings from Duco.	Open
Company breakdowns	Role, location, ATS, and work model facets for this company.	Open
ATS provider jobs	Active postings observed through BambooHR.	Open
Provider filtered search	The same provider as a filtered job collection.	Open
City jobs	Active postings in Barbican.	Open
Department jobs	Active postings in Infosec.	Open
Lifecycle events	Open, update, close, and reopen events for this posting.	Open
Original posting	Canonical source or apply URL captured from the ATS.	Open

Linked records

Company	Duco
Source	d36c7a36-772f-45a7-8a0a-5ba22e55ac20
ATS provider	BambooHR

Description

Duco is empowering financial services to transform the work undertaken in Operations by automating manual work and elevating humans from task workers to decision makers. We do this with a combination of proprietary technique, innovative cloud computing, artificial intelligence technology, and deep subject matter expertise. Our agentic Operations platform gives firms the ability to unlock full end-to-end reconciliation, data trust and automation of their data, regardless of source, format or structure. By partnering with the industry's leading firms, we are helping to rethink operating models, increase efficiency, strengthen governance and regulatory compliance, reduce risk, streamline processes and build the workforce of the future. More than 10,000 users across 30+ countries process billions of data records every week using the platform. Duco is headquartered in London, with offices in New York, Wroclaw, Antwerp and Singapore. Customers include global banks, investment managers, exchanges and insurance firms, such as CIBC Mellon, ING and Man Group. The role We are looking for a Head of Information Security to own our end-to-end security posture, govern our risk and compliance programme, and lead our IT Operations function. This is a VP Level role with company-wide scope. With approximately 200 employees across London, New York, Wroclaw, Antwerp, and Singapore, we move fast, build with purpose, and hold ourselves to a high bar. As we scale, information security, governance, and IT operations sit at the heart of that ambition. What you will be doing Security architecture and engineering – Define security architecture standards and lead threat modelling across the organisation – Establish and maintain long-term security architecture aligned to business strategy and regulatory requirements – Guide technology decisions at an enterprise level, including cloud strategy and zero trust adoption – Oversee penetration testing, DLP, and advanced threat detection programmes. – Own the vulnerability management programme – Implement enterprise frameworks including IAM, SIEM, and data classification. – Anticipate emerging threats, leverage AI/ML for predictive security, and set the technology vision – Lead Security Incident Response Programme Governance, risk, and compliance (GRC) – Define and own the GRC programme, including the ISMS, policy framework, risk registers, and audit readiness – Implement and maintain compliance with ISO 27001, SOC 1, SOC 2, NIST CSF, GDPR, and relevant financial services regulations – Understand the GRC landscape, implement appropriate controls, and adapt as the threat and regulatory environment shifts – Own execution of GRC strategy across the organisation; ensure frameworks are scalable and adaptable – Own Third Party Risk Management (TRPM) programme, including vendor assessments and ongoing oversight IT operations – Define and own the IT Operations programme, setting strategy and standards for the function – Own execution of IT Operations strategy; ensure frameworks are scalable and adaptable as Duco grows – Ensure operational excellence across infrastructure, tooling, and end-user support Leadership and stakeholder management – Lead, mentor, and develop a high-performing team across InfoSec, GRC, and IT Ops – Build strategic relationships with clients, regulators, and internal stakeholders – Engage effectively with large, complex, and multi-national enterprise clients that have mission-critical operations requirements, building trust and credibility at the most senior levels – Recognise, influence, and resolve critical issues that may affect company direction – Create strategies that cross organisational boundaries to achieve broad business goals – Work with industry peers and working groups to develop solutions that benefit the wider market – Enterprise Client Assurance: Act as a key partner to Duco's Client Success and Pre-Sales teams. This involves speaking directly with the CISOs and security teams of global financial institutions to assure them of Duco’s risk management and data privacy practices. Core Competencies Technical leadership – Proven track record of strategic impact at company-wide and industry-wide Level – Recognised internally and externally as an InfoSec expert, with evidence of exceptional technical and people leadership – Establishes long-term security architecture aligned to business strategy and regulatory requirements; guides enterprise technology decisions including cloud strategy and zero trust – Anticipates emerging threats, leverages AI/ML for predictive security, and sets the technology vision – Deep understanding of the GRC landscape; implements appropriate controls and adapts as the environment shifts End-to-end ownership – Develops proven solutions and replicates them across teams; designs systems and frameworks built to last – Accountable and collaborative: works with clients and colleagues to resolve complex issues and views challenges as opportunities to improve – Owns execution of security, GRC, and IT Ops strategy; ensures frameworks are scalable, adaptable, and aligned to business strategy and executive-level risk expectations Market knowledge – Deep understanding of the security and risk landscape across fintech and beyond; adapts market knowledge to continuously improve Duco's posture – Evaluates and integrates advanced security technologies and GRC best practices; knows when to buy, adapt, or build internally – Acts as a recognised industry leader: participates in regulatory advisory groups, defines Duco's position on InfoSec maturity, and anticipates regulatory shifts before they arrive Scope and influence – Operates across all departments; builds sponsorship for strategic initiatives and drives them through – Leads all InfoSec, GRC, and IT Ops functions with cross-functional influence across product, engineering, and compliance – Recognised outside of Duco for technology excellence; participates in industry events and shapes the wider conversation on risk and threat. – Influences executive peers, board decisions, and global regulatory compliance strategy What We Are Looking For - 8+ years of progressive experience in information security, with at least 3 years in a senior or leadership role - Hands-on experience owning ISO 27001 and SOC 1 and SOC 2 programmes, not just supporting them - Demonstrated experience managing security incidents end-to-end, including client and regulatory communications - Strong understanding of cloud security, particularly AWS, including IAM, logging, and observability infrastructure - Experience operating in a B2B SaaS or fintech environment, with exposure to enterprise client security requirements - Track record of building and managing TPRM programmes at scale - Excellent stakeholder management skills; comfortable presenting to the board and to client security teams in equal measure - Ability to make pragmatic decisions based on company culture and risk appetite - Strong written communication skills: able to translate complex security topics into clear, plain-language communications for non-technical audiences - Experience leading and developing a small, high-performing team - Familiarity with AI governance and the security implications of agentic AI systems Beneficial Experience - Experience with DLP, SIEM, or SOC build-outs - Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer - Experience in capital markets, asset management, or securities services

Full job record

Job ID	21373ba990804181bc17a757a3ca729e5a3ca7f8
Org ID	f19a394a-a884-47b9-abb8-6151778230e1
Source ID	d36c7a36-772f-45a7-8a0a-5ba22e55ac20
Board ID	d36c7a36-772f-45a7-8a0a-5ba22e55ac20
Provider	bamboohr
Provider Job Key	581
Title	Head of Information Security
Normalized Title	—
Status	active
Active	yes
Location Text	Barbican, London, City of, EC1M 7AN, United Kingdom
Department	Infosec
Team	—
Employment Type	full_time
Workplace Type	—
Remote Policy	—
Country	—
Region	London, City of
City	Barbican
Salary Raw	—
Salary Min	—
Salary Max	—
Salary Currency	—
Salary Period	—
Source URL	https://duco.bamboohr.com/careers/581
Apply URL	https://duco.bamboohr.com/careers/581
First Seen At	2026-06-11 10:43:57Z
Last Seen At	2026-06-18 10:43:53Z
Last Checked At	2026-06-18 10:43:53Z
Last Changed At	2026-06-11 10:43:57Z
Inactive At	—
Source Posted At	2026-06-10 00:00:00Z
Source Updated At	—
Raw Payload Uri	s3://job-postings-prod-raw-590183727216/raw/provider=bamboohr/board=duco/date=2026-06-18/2026-06-18T10-43-51-199Z-b106655051e3e662c34cc1c1fc5b5f8abd64859e4a740d3041e18be23b5a65c1.json

Event Fields

{
  "content_hash": "92755a9ea27dfe9f078cdf188f27bc6f9d0734924783f7e93a11370331c11beb",
  "source_hash": "272a3f672c78976b21a472a1e2ad18c9907b2613d97148143c8c9c446921ce04",
  "last_changed_at": "2026-06-11T10:43:57.544Z",
  "active_status": "active"
}

Parsed Structured

{
  "language": "en",
  "location": {
    "raw": "Barbican, London, City of, EC1M 7AN, United Kingdom",
    "city": "Barbican",
    "region": "London, City of",
    "country": null,
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-18T10:43:53.523Z",
  "launch_scope": {
    "reason": "bamboohr_production_catalog",
    "included": true,
    "location": {
      "raw": "Barbican, London, City of, EC1M 7AN, United Kingdom",
      "city": "Barbican",
      "region": "London, City of",
      "country": null,
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": []
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": null,
  "salary_currency": null
}

Extensions

{}

Native Structured

{
  "list_job": {
    "id": "581",
    "isRemote": null,
    "location": {
      "city": "Barbican",
      "state": "London, City of"
    },
    "atsLocation": {
      "city": null,
      "state": null,
      "country": null,
      "province": null
    },
    "departmentId": "18439",
    "locationType": "2",
    "jobOpeningName": "Head of Information Security",
    "departmentLabel": "Infosec",
    "employmentStatusLabel": "Full Time"
  },
  "detail_errors": [],
  "detail_job_opening": {
    "location": {
      "city": "Barbican",
      "state": "London, City of",
      "postalCode": "EC1M 7AN",
      "addressCountry": "United Kingdom"
    },
    "datePosted": "2026-06-10",
    "atsLocation": {
      "city": null,
      "state": null,
      "country": null,
      "countryId": null
    },
    "description": "<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">Duco is empowering financial services to transform the work undertaken in Operations by automating manual work and elevating humans from task workers to decision makers.  We do this with a combination of proprietary technique, innovative cloud computing, artificial intelligence technology, and deep subject matter expertise.  Our agentic Operations platform gives firms the ability to unlock full end-to-end reconciliation, data trust and automation of their data, regardless of source, format or structure.  By partnering with the industry's leading firms, we are helping to rethink operating models, increase efficiency, strengthen governance and regulatory compliance, reduce risk, streamline processes and build the workforce of the future.  More than 10,000 users across 30+ countries process billions of data records every week using the platform.</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">Duco is headquartered in London, with offices in New York, Wroclaw, Antwerp and Singapore. Customers include global banks, investment managers, exchanges and insurance firms, such as CIBC Mellon, ING and Man Group.</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 12pt; font-weight: bold; text-decoration: underline\">The role</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">We are looking for a Head of Information Security to own our end-to-end security posture, govern our risk and compliance programme, and lead our IT Operations function. This is a VP Level role with company-wide scope.   With approximately 200 employees across London, New York, Wroclaw, Antwerp, and Singapore, we move fast, build with purpose, and hold ourselves to a high bar. As we scale, information security, governance, and IT operations sit at the heart of that ambition.</span></p>\n<p><br></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 12pt; font-weight: bold; text-decoration: underline\">What you will be doing</span><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt; font-weight: bold\">Security architecture and engineering</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Define security architecture standards and lead threat modelling across the organisation</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Establish and maintain long-term security architecture aligned to business strategy and regulatory requirements</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Guide technology decisions at an enterprise level, including cloud strategy and zero trust adoption</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Oversee penetration testing, DLP, and advanced threat detection programmes.</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Own the vulnerability management programme</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Implement enterprise frameworks including IAM, SIEM, and data classification.</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Anticipate emerging threats, leverage AI/ML for predictive security, and set the technology vision</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Lead Security Incident Response Programme</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt; font-weight: bold\">Governance, risk, and compliance (GRC)</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Define and own the GRC programme, including the ISMS, policy framework, risk registers, and audit readiness</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Implement and maintain compliance with ISO 27001, SOC 1, SOC 2, NIST CSF, GDPR, and relevant financial services regulations</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Understand the GRC landscape, implement appropriate controls, and adapt as the threat and regulatory environment shifts</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Own execution of GRC strategy across the organisation; ensure frameworks are scalable and adaptable</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Own Third Party Risk Management (TRPM) programme, including vendor assessments and ongoing oversight</span></p>\n<p><br></p>\n<p><span style=\"font-family: Inter, sans-serif; font-size: 10pt\"><span style=\"color: rgb(10, 10, 10); font-weight: bold\">IT operations</span><br></span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Define and own the IT Operations programme, setting strategy and standards for the function</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Own execution of IT Operations strategy; ensure frameworks are scalable and adaptable as Duco grows</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Ensure operational excellence across infrastructure, tooling, and end-user support</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt; font-weight: bold\">Leadership and stakeholder management</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Lead, mentor, and develop a high-performing team across InfoSec, GRC, and IT Ops</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Build strategic relationships with clients, regulators, and internal stakeholders</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Engage effectively with large, complex, and multi-national enterprise clients</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">that have mission-critical operations requirements, building trust and</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">credibility at the most senior levels</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Recognise, influence, and resolve critical issues that may affect company direction</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Create strategies that cross organisational boundaries to achieve broad business goals</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Work with industry peers and working groups to develop solutions that benefit the wider market</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Enterprise Client Assurance: Act as a key partner to Duco's Client Success and Pre-Sales teams. This involves speaking directly with the CISOs and security teams of global financial institutions to assure them of Duco’s risk management and data privacy practices.</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 12pt; font-weight: bold; text-decoration: underline\">Core Competencies</span><br></p>\n<p><span style=\"font-family: Inter, sans-serif; font-size: 10pt\"><span style=\"color: rgb(10, 10, 10); font-weight: bold\">Technical leadership</span><br></span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Proven track record of strategic impact at company-wide and industry-wide</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">Level</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Recognised internally and externally as an InfoSec expert, with evidence of</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">exceptional technical and people leadership</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Establishes long-term security architecture aligned to business strategy and</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">regulatory requirements; guides enterprise technology decisions including</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">cloud strategy and zero trust</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Anticipates emerging threats, leverages AI/ML for predictive security, and</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">sets the technology vision</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Deep understanding of the GRC landscape; implements appropriate controls</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">and adapts as the environment shifts</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt; font-weight: bold\">End-to-end ownership</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Develops proven solutions and replicates them across teams; designs</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">systems and frameworks built to last</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Accountable and collaborative: works with clients and colleagues to resolve</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">complex issues and views challenges as opportunities to improve</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Owns execution of security, GRC, and IT Ops strategy; ensures frameworks</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">are scalable, adaptable, and aligned to business strategy and executive-level</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">risk expectations</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt; font-weight: bold\">Market knowledge</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Deep understanding of the security and risk landscape across fintech and beyond; adapts market knowledge to continuously improve Duco's posture</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Evaluates and integrates advanced security technologies and GRC best practices; knows when to buy, adapt, or build internally</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Acts as a recognised industry leader: participates in regulatory advisory groups, defines Duco's position on InfoSec maturity, and anticipates regulatory shifts before they arrive</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt; font-weight: bold\">Scope and influence</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Operates across all departments; builds sponsorship for strategic initiatives</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">and drives them through</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Leads all InfoSec, GRC, and IT Ops functions with cross-functional influence</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">across product, engineering, and compliance</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Recognised outside of Duco for technology excellence; participates in</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">industry events and shapes the wider conversation on risk and threat.</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">–  Influences executive peers, board decisions, and global regulatory</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">compliance strategy</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 12pt; font-weight: bold; text-decoration: underline\">What We Are Looking For</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- 8+ years of progressive experience in information security, with at least 3 years in a senior or leadership role</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Hands-on experience owning ISO 27001 and SOC 1 and SOC 2 programmes, not just supporting them</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Demonstrated experience managing security incidents end-to-end, including client and regulatory communications</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Strong understanding of cloud security, particularly AWS, including IAM, logging, and observability infrastructure</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Experience operating in a B2B SaaS or fintech environment, with exposure to enterprise client security requirements</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Track record of building and managing TPRM programmes at scale</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Excellent stakeholder management skills; comfortable presenting to the board and to client security teams in equal measure</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Ability to make pragmatic decisions based on company culture and risk appetite </span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Strong written communication skills: able to translate complex security topics into clear, plain-language communications for non-technical audiences</span></p>\n<p><span style=\"color: rgb(10, 10, 10); font-family: Inter, sans-serif; font-size: 10pt\">- Experience leading and developing a small, high-performing team</span></p>\n<p><span style=\"font-family: Inter, sans-serif; font-size: 10pt\"><span style=\"color: rgb(10, 10, 10)\">- </span>Familiarity with AI governance and the security implications of agentic AI systems</span></p>\n<p><br></p>\n<p><span style=\"font-family: Inter, sans-serif; font-size: 12pt; font-weight: bold; text-decoration: underline\">Beneficial Experience</span></p>\n<p><span style=\"font-family: Inter, sans-serif; font-size: 10pt\">- Experience with DLP, SIEM, or SOC build-outs</span></p>\n<p><span style=\"font-family: Inter, sans-serif; font-size: 10pt\">- Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer</span></p>\n<p><span style=\"font-family: Inter, sans-serif; font-size: 10pt\">- Experience in capital markets, asset management, or securities services</span></p>",
    "compensation": null,
    "departmentId": "18439",
    "locationType": "2",
    "seekPromoted": false,
    "jobCategoryId": null,
    "jobOpeningName": "Head of Information Security",
    "departmentLabel": "Infosec",
    "jobOpeningStatus": "Open",
    "minimumExperience": null,
    "jobOpeningShareUrl": "https://duco.bamboohr.com/careers/581",
    "employmentStatusLabel": "Full Time"
  }
}

Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/21373ba990804181bc17a757a3ca729e5a3ca7f8?include=descriptionJSON

GET https://api.bluedoor.sh/job-postings/v1/orgs/f19a394a-a884-47b9-abb8-6151778230e1JSON

GET https://api.bluedoor.sh/job-postings/v1/sources/d36c7a36-772f-45a7-8a0a-5ba22e55ac20JSON

GET https://api.bluedoor.sh/job-postings/v1/jobs/21373ba990804181bc17a757a3ca729e5a3ca7f8/eventsJSON

Docs · Get an API key