Zinc

Head of Information Security

London
£95k/yr
Posted 26 days ago

Head of Information Security

Department: Legal & Compliance

Location: Zinc - London
Compensation: £95,000 / year


Description

Zinc has grown to 150+ people, we're scaling fast, and our information security function needs to grow with us. We need to continue maturing our InfoSec function in line with our rate of growth. That changes now.

We're hiring a Head of Information Security - the person who will own this function, define what good looks like at Zinc's scale, and build the credibility internally and externally that our customers, partners, and regulators expect. You’ll report into our General Counsel and work closely with our AI & Automation lead, operating in an environment where security is understood as a business enabler, not a blocker.

This is a step-up role. We're not looking for someone who has already done this job at a mature enterprise - we're looking for someone who is ready to own it now: hands-on, curious, and comfortable with the AI-native ways of working that define how Zinc operates. If you want to build something, not just inherit it, this is the role for you.

WHAT YOU WILL FOCUS ON FIRST

  • Establishing security maturity - Zinc is scaling fast, and we need our InfoSec function to keep pace. Your first 90 days are about understanding what good looks like at our stage and mapping the path to get there.
  • AI security governance - Zinc is AI-native, which is an opportunity and a responsibility. You'll be in the room with our COO and AI lead regarding adoption decisions from day one.
  • Incident management ownership - you're the lead on any material incident. Not managing every P3/P4, but the name at the top of the escalation when it matters. Set up the playbooks, own the response.
  • Building the function - you'll have one direct report, our InfoSec Manager. Your job is to define what this function needs to look like in 2-3 years, and start executing.

Key Responsibilities 🗝️

  • Information security strategy - defining and owning the multi-year roadmap
  • Security architecture - reviewing and advising on technical design decisions, embedding security by design across products and platforms
  • Risk management - maintaining the risk register, identifying, prioritising, and tracking the things that actually matter
  • Compliance programmes - ISO 27001, SOC 2, and relevant sector standards; in close partnership with our Compliance team
  • Incident management - owning major incident response; first port of call in a crisis
  • AI security governance - partnering with our AI & Automation lead on safe AI adoption at Zinc
  • Customer and supplier security - security questionnaires, diligence requests, contractual requirements
  • Third-party risk - vendor security assessment and ongoing monitoring
  • Security awareness - training, culture, getting the business to care
  • Budget - managing the InfoSec budget and investment cases, aligned to Zinc's risk profile

Skills, Knowledge and Expertise 🚀

  • 5+ years in information security, with at least 2 years in a leadership or senior practitioner role - SOC management, security architecture, penetration testing, or engineering. You've built things and broken things, not just written about them.
  • Ready to step up - you've been a senior practitioner and you're ready to own the function.
  • AI literate - you understand the security implications of LLMs, AI tooling, agentic workflows, shadow AI, and third-party SaaS risk. This is not optional at Zinc.
  • High EQ - you'll inherit an existing team member who is professional, capable, and ambitious. How you lead that relationship matters more than your CV.
  • Strong communicator - you'll be speaking to auditors, customers, and a non-technical leadership team. You need to translate risk into language that drives decisions.
  • Compliance-aware, not compliance-driven - you understand the standards but you lead with risk, not box-ticking.
  • Comfortable with ambiguity - the playbook is incomplete. You'll write it.

Desirable:

  • Experience in a fast-growing global SaaS business
  • Familiarity with DevSecOps and secure development lifecycle practices
  • Relevant certifications (CISSP, CISM, or similar)
  • Experience with cloud security (AWS, Azure, or GCP)

What we offer 🍉

  • Zinc offers a chance to work on a product that brings a fresh perspective on data ownership in hiring
  • 24 days holiday + Bank Holidays + your birthday off 🎉
  • £1200 annual benefits allowance (ThanksBen, from month 2)
  • Early finish Fridays (16:00)
  • Yearly company retreat abroad ✈️
  • 30 days to Work from anywhere 🌍
  • Enhanced Maternity, Paternity, and Adoption Leave (2 months full pay, then statutory)
  • Statutory pension with NEST (3% employer, 5% employee)
  • Zinc shares, issued through the EMI Scheme
  • Unlimited access to MoreHappi coaching
  • Company socials, quarterly team socials
  • Free Monday lunches
  • Nursery workplace benefit scheme (Yellownest)
  • Option to lease an electric car through Electric Car Scheme
  • Celebrated Zinc anniversaries 🥳

Skills

Information Security
Security Architecture
Risk Management
Compliance
Incident Management
AI Security Governance
Customer Security
Third-party Risk
Security Awareness
Budget Management
Leadership
Communication
AI Literacy
High Emotional Intelligence
Compliance Awareness
Comfort with Ambiguity

Location

London, England, United Kingdom
