
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Head of Security at HICX
HICX is a leading worldwide provider of enterprise SaaS solutions for digital supplier management. We help Global 5000 companies organise and manage supplier data, enabling businesses to efficiently on-board and manage supplier lifecycles while maintaining high-quality data integrity. Trusted by industry leaders including Unilever, Lenovo, Mars, Mondelez, Baker Hughes, and EDF Energy, HICX powers critical supplier relationships for many of the world’s largest organisations.
About the Role
We are hiring for a Head of Security to oversee our internal IT function and reporting to the CFO, or an alternative senior executive as designated by the Company.
The Head of Security will develop and drive HICX’s information security strategy, ensuring compliance with industry standards such as ISO 27001 and SOC 2. You will manage incident responses, governance, risk, and audit (GRC) processes, and act as the Data Protection Officer (DPO) where required. Additionally, you will head a small IT support team, streamline internal IT operations, and embed a strong security culture across the organisation—fully remotely from anywhere in the UK.
Key Responsibilities
Security Strategy & Compliance
- Formulate and implement HICX’s overall information security strategy, aligning with business objectives and regulatory frameworks.
- Lead adoption of ISMS (Information Security Management System) standards—ensuring alignment with ISO 27001, SOC 2 (Type II), and other critical certifications.
- Organise, coordinate, and drive scheduled ISMS activities, fostering continuous improvement.
- Collaborate with architectural and design teams in security planning and decision-making.
- Oversee the implementation and maintenance of security tooling including:
- EDR (Endpoint Detection and Response)
- SIEM (Security Information and Event Management)
- MFA (Multi-Factor Authentication)
- Password managers
- Device and access management tools
- Access review processes
Incident & Escalation Management
- Primary point of escalation for all major security incidents, including out-of-hours emergencies per the defined Major Security Incident process.
- Coordinate security incident response, direct corrective actions, mitigate risks, and document findings for lessons learned.
- Ensure rapid resolution to minimise operational impact and reduce reputational risk.
Governance, Risk & Audit (GRC)
- Lead and maintain all security documentation, including policies, standards, exceptions, risk registers, and control matrices.
- Oversee the internal risk-assessment and audit program, including:
- Supporting internal and external audits
- Mapping and remediating findings to closure
- Tracking control improvements and compliance status
- Establish and refine access control processes, auditing access across divisions, functions, and systems.
- Produce management reporting on:
- Risk posture
- Incident and breach metrics
- Audit statuses and trends
- Security service improvements -Gap analysis and remediation plans
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
- Work with DevOps, HR, engineering, and customer-facing teams to integrate security controls into daily operations and embedded workflows.
- Continuously improve risk management frameworks and drive data-driven security decisions.
Data Privacy
- Handle data privacy concerns and customer data subject requests (DSRs), ensuring compliance with UK GDPR, global data protection laws, and industry norms.
- Act as the Data Protection Officer (DPO) when required, maintaining records of data processing activities and managing internal compliance disputes.
Policy, Awareness & Customer Assurance
- Enforce security policies across the organisation, fostering cultural adoption and consistency:
- Deliver mandatory security training programs
- Conduct regular department compliance audits
- Embed security best practices into process and tool usage guidelines
- Act as a customer-facing security expert:
- Complete security-related sections of RFPs (Request for Proposals) and supplier questionnaires
- Build and maintain a security knowledge base
- Provide customer-facing assurance (ISO, GDPR, potential risks)
- Attend customer meetings and stakeholder discussions to demonstrate HICX’s security implementation
- Present the organisation’s security posture to prospective clients, outlining controls and compliance measures.
Internal IT & Operations
- Share responsibility for internal IT leadership, providing end-to-end IT operations oversight:
- Manage a small team of IT support admins
- Directly handle complex internal IT/escalation scenarios
- Ensure IT support processes align with security, access, and acceptable usage policies
- Oversee:
- Critical IT provisioning and deprovisioning (employee onboarding/offboarding, account lifecycle management, device assignment/de-assignment)
- Standard operating procedures (SOPs) and IT operations documentation
- Ensure cost-efficient, business-aligned IT infrastructure by:
- Evaluating SaaS tool renewals
- Balancing security cost, usability, and performance
- Perform other duties as assigned by management.
Requirements
Desired Skills & Experience
- Proven leadership experience in Information Security Management or a comparable senior role, typically as a Head of Security, Information Security Manager, or similar.
- Ideally within SaaS, cloud, or large enterprise environments—with a focus on scalable security operations.
- Track record in achieving and maintaining critical compliance certifications, including:
- ISO 27001 (preferably with multiple rescertifications)
- SOC 2 Type II
- Cyber Essentials Plus (or equivalent)


Get help with your application
Your very own career expert that helps elevate your application to the next level.
-
Hands-on expertise in security tooling, including:
- EDR solutions (DrakeNET, CrowdStrike, Tanium)
- SIEM tools (e.g., Splunk, Microsoft Sentinel, IBM QRadar)
- Multi-Factor Authentication (MFA) and Zero Trust strategies
- Identity and Access Management (IAM) solutions (e.g., Okta, Azure AD, Ping Identity)
- Cloud security for AWS, Azure, and Microsoft 365 environments
- Device and endpoint management (Conditional Access, Mobile Device Management)
-
Incident response experience including:
- Leading incident investigation and remediation
- Managing escalations during off-hours
-
Robust data privacy knowledge, including:
- UK GDPR / EU GDPR expertise
- Experience as a Data Protection Officer (DPO) or deep collaboration with one
-
Third-party/Audit Risk focus:
- Due diligence oversight of suppliers and third-party providers
- Audit of sub-processors and security design through contracts
-
Customer security excerpt development:
- RFP (Request for Proposal) response for security questions
- Clear, presentation-ready reporting of security posture
- Technical and business communication of security risks
-
Leadership & administrative skills:
- Ability to build a remote-friendly team with autonomy and accountability
- Collaborative and persuasive with executives, engineers, and non-technical stakeholders
- Balancing security maturity with business/budget considerations through pragmatic risk management
-
Professional security certifications are highly desirable, including:
- CISSP
- CISM / CISA
- ISO 27001 Lead Implementer/Auditor
- Cybersecurity Apprenticeship qualification
-
Internal IT experience (desirable):
- IT Operations team leadership of 3-5 admins
- End-user device lifecycle management, including onboarding/offboarding
- SaaS tool administration and licensing cost optimisation
Benefits
- Remote work flexibility: Operate from anywhere in the UK (100% remote team).
- Private health insurance provided by the company.
- Ample paid time off:
- 25 days annual leave per year (plus Bank Holidays for UK-based employees)
- Bonus paid holiday days on your birthday
- Competitive salary range, adjusted for skill level and location in the UK.
- Diverse, global workplace: Collaborate with a cross-cultural, talented international team.
- Supportive growth opportunities: Career development and learning resources.
No references began in the original document—retained in accordance with requirements. If further clarification is needed on benefits (e.g., exact number of paid festive days), they might be listed among additional local legislation.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location