Director of InfoSec | UK
London
Posted 6 days ago
Early applicant
Remote
Full-time
Senior Level
About The Company
About Cleo
At Cleo, we're not just building another fintech app. We're embarking on a mission to fundamentally change humanity's relationship with money. Imagine a world where everyone, regardless of background or income, has access to a hyper-intelligent financial advisor in their pocket. That's the future we're creating.
Cleo is a rare success story: a profitable, fast-growing unicorn with over $300 million in ARR and growing over 2x year-over-year. This isn't just a job; it's a chance to join a team of brilliant, driven individuals who are passionate about making a real difference. We have an exceptionally high bar for talent, seeking individuals who are not only at the top of their field but also embody our culture of collaboration and positive impact.
If you’re driven by complex challenges that push your expertise, the chance to shape something truly transformative, and the potential to share in Cleo’s success while growing alongside a company that’s scaling fast, this might be your perfect fit.
Follow us on LinkedIn to keep up to date with new product features and insights from the team.
The Role
Cleo is looking for an experienced Head of InfoSec to own and lead security across the company as we continue to scale. This is a senior, hands-on leadership role with end-to-end responsibility for Cleo’s security strategy, compliance posture, and risk management.
You’ll be the primary owner of security at Cleo — shaping our security and risk strategy, leading compliance programmes (including SOC2 and PCI), protecting our applications and infrastructure, and working closely with Engineering, Product, Legal, Procurement, and the wider business.
As a member of the senior leadership group, you’ll act as a trusted advisor on security and risk, helping Cleo navigate an evolving regulatory landscape while enabling growth in a pragmatic, risk-based way. You’ll also build and lead the IT and security function, embedding strong security practices and a positive security culture across the company.
This role combines strategic leadership with practical execution and is critical to protecting our customers, our platform, and Cleo’s long-term success.
What You’ll Actually Do
Own Cleo’s security, risk, and compliance strategy end-to-end, defining a clear, risk-based approach that aligns with our business goals and risk appetite.
Lead and maintain Cleo’s security compliance programmes, including SOC2 and PCI DSS, partnering with teams across the business to prepare for audits, manage evidence, and drive remediation.
Assess Cleo’s current security maturity and deliver a clear roadmap, evolving our processes, controls, and tooling as the company scales.
Build and lead the IT and security function, setting clear goals, developing team members, and putting in place the right operating model, processes, and controls.
Embed secure-by-design practices across Cleo’s products and platform, working closely with engineering to raise application and cloud security maturity, including pen testing, vulnerability management, and remediation.
Own security risk management and incident readiness, ensuring Cleo can identify, prioritise, and respond effectively to internal, external, and third-party risks.
Oversee third-party and supplier security risk, working with the Legal, Compliance & Vendor Management teams to assess, tier, and manage vendor risk in a scalable way.
Develop and maintain Cleo’s security policies and standards, ensuring they remain practical, proportionate, and aligned with evolving threats and regulatory expectations.
Provide clear, data-driven security reporting to senior leadership, giving visibility into risk, trends, and priorities.
Champion a strong, mature security culture, scaling security awareness and training so that teams understand their responsibilities and see security as an enabler, not a blocker.
About You
You have significant experience in senior security roles, ideally within high-growth technology, fintech, or SaaS companies, or in regulated environments.
You’ve led security and compliance programmes end-to-end (e.g. SOC2, PCI DSS, NIST, GDPR, or ISO) and are comfortable owning audits, evidence, and remediation.
You bring a strong technical foundation in application security, cloud security, and secure architecture, and can engage credibly with engineers and technical leaders.
You’re experienced in building and leading teams, and enjoy scaling functions, developing people, and setting clear direction.
You take a risk-based, pragmatic approach, balancing security, compliance, and business needs.
You communicate clearly and confidently, and can explain complex security topics to non-technical stakeholders, including senior leaders.
You’re collaborative, outcome-focused, and comfortable operating in a fast-moving environment where not everything is fully defined.
You have experience scaling and maturing security in an earlier-stage organisation, ideally during a period of hypergrowth and across different geographies.
Our Tech Stack
Cleo is built as a Ruby on Rails monolith with a single React Native app frontend, utilising TypeScript. We also leverage Python for machine learning services and PostgreSQL for our database, all hosted on AWS. Our CI/CD pipeline is fully automated, with production deployments happening on every merge via Heroku. Our backend engineers deploy multiple times a week, and we release our frontend app to Google and Apple for review at least once a week.
While we take a pragmatic approach, we place a strong emphasis on quality. Our code is peer-reviewed, and we maintain automated testing using Minitest and CircleCI. We're also actively working towards a more modular architecture, focusing on separating concerns to achieve the benefits of microservices within a monolith, while progressively refactoring our code as we build new features. Everyone in the engineering team contributes to driving our technical strategy, and voices and ideas from all levels are valued: we are all owners at Cleo.
What do you get for all your hard work?
A competitive compensation package (base + equity) with bi-annual reviews, aligned to our quarterly OKR planning cycles. You can view our public progression framework and salary bandings here: https://cleo-ai.progressionapp.com/
Work at one of the fastest-growing tech startups, backed by top VC firms, Balderton & EQT Ventures.
A clear progression plan. We want you to keep growing. That means trying new things, leading others, challenging the status quo and owning your impact. Always with our complete support.
Flexibility. We can’t fight for the world’s financial health if we’re not healthy ourselves. We work with everyone to make sure they have the balance they need to do their best work.
Work where you work best. We’re a globally distributed team. Our Poland team works fully remotely, but we host virtual socials and an annual company offsite somewhere in Europe with all expenses paid.
Other benefits:
Company-wide performance reviews every 6 months
Generous pay increases for high-performing team members
Equity top-ups for team members getting promoted
25 days annual leave a year + public holidays (+ an additional day for every year you spend at Cleo, up to 30 days)
Private medical insurance via Vitality, dental cover, and life assurance
1 month paid sabbatical after 4 years at Cleo
Regular socials and activities, online and in-person
We'll pay for your OpenAI subscription
Online mental health support via Spill
Enhanced parental leave
Workplace Nursery Scheme
And many more!
We strongly encourage applications from people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio-economic backgrounds.
If there’s anything we can do to accommodate your specific situation, please let us know.
UK App access: The Cleo app is no longer downloadable in the UK. If you’re an existing user, you’ll still have access to the app. But some features won’t be available. Why? 99% of our users are based in the US – where financial health is often overlooked. We’ve decided to shift our focus to where we can provide the most value and make the greatest impact for users who need it most. Then we’ll be able to apply what we learn to better support our UK users in the future.
By submitting this application, I confirm that all the information given by me in this application for employment and any additional documents attached hereto are true to the best of my knowledge and that I have not wilfully suppressed any material fact. I confirm I have disclosed if applicable any previous employment with Cleo AI. I accept that if any of the information given by me in this application is in any way false or incorrect, my application may be rejected, any offer of employment may be withdrawn or my employment with Cleo AI may be terminated summarily or I may be dismissed. By submitting this application, I agree that my personal data will be processed in accordance with Cleo AI's Candidate Privacy Notice
Skills
Information Security
Risk Management
Compliance
Application Security
Cloud Security
Secure Architecture
Team Leadership
Security Culture
Incident Response
Vendor Management
Security Policies
Data-Driven Reporting
Security Awareness
Audit Management
Vulnerability Management
Technical Communication
Location