Head of Information Security

Head of Information Security / CISO Location Bedford (1 day a week in the office) Salary £80-90k + Bens Skills - InfoSec, CISO, Cybersecurity, PC!-DSS, ISO2007, cloud security (AWS, GCP, AZURE), Risk Analysis, GDPR, Security Lead, Security Architect Leading International SaaS Business. We’re partnering with a high-growth, globally recognised SaaS software house to appoint a Head of InfoSec (CISO) to lead, evolve and scale a best-in-class security function across a complex, cloud-first environment. This is a strategic and hands-on leadership role where you’ll own the full information security roadmap, driving compliance, risk management and security maturity across the organisation while influencing at board level. You’ll take accountability for maintaining and advancing ISO27001, ISO9001 and PCI-DSS certifications, embedding a robust ISMS and QMS, and ensuring security is fully integrated across engineering, product and commercial functions. The role demands deep expertise in security frameworks, governance and audit, alongside the ability to lead business continuity, disaster recovery, incident response and supplier risk programmes. You’ll act as the organisation’s security authority, delivering risk assessments, implementing controls, leading internal and external audits, managing penetration testing cycles and responding to enterprise client compliance requirements. Strong stakeholder engagement is critical – you’ll work cross-functionally with Legal, Engineering and senior leadership to align security with business objectives while promoting a security-first culture through training and awareness. Essential Experience & Skills * Proven experience operating as a CISO / Head of Information Security / Director of Cyber Security within a global SaaS, technology or cloud-first environment * Deep expertise across international security frameworks including ISO27001, NIST, SOC 2 and PCI-DSS, with the ability to align and scale controls across multiple regions * Demonstrable track record of leading enterprise-wide risk management, translating cyber risk into commercial and financial impact for board-level stakeholders * Strong technical grounding in cloud security (AWS, Azure, GCP), Zero Trust architecture and DevSecOps / Secure SDLC * Extensive experience leading global incident response, including ransomware, breach management and executive crisis communication * Expertise in third-party / supply chain risk management, particularly within complex SaaS ecosystems * Proven ability to build, scale and lead high-performing international security teams across multiple geographies * Experience delivering and maintaining ISMS / QMS frameworks, including audit, certification and continuous improvement programmes * Strong knowledge of global data protection and privacy regulations (e.g. GDPR, CCPA and other regional frameworks) * Ability to influence at C-suite and board level, driving security as a business enabler rather than a blocker * Experience supporting M&A activity, due diligence and post-acquisition security integration * Advanced stakeholder management skills with the ability to engage technical and non-technical audiences globally * Industry-recognised certifications such as CISSP, CISM, CRISC or CCSP (desirable but not essential) We’re looking for a proven InfoSec leader with extensive experience across ISO, PCI and regulatory environments, a strong background in risk and control frameworks, and the ability to operate both strategically and tactically. Experience within SaaS, technology or telecoms environments is highly desirable, alongside exceptional communication, leadership and change management capability. This is an opportunity to shape and lead security at scale in a forward-thinking, international business where InfoSec is seen as a true enabler of growth