Head of Security
Global Security Lead
Fresha
The AI-powered OS for beauty, wellness and self-care
Fresha is the AI-powered Operating System for the global beauty, wellness and self-care industry. We’re redefining how professionals and businesses operate by connecting, powering, and optimising every aspect—from salons and barbers to spas, medspas, fitness studios, and health practices.
We’re trusted by millions of consumers and businesses worldwide and have grown significantly:
- Used by 140,000+ businesses and 450,000+ stylists/professionals
- Processed over 1 billion appointments
- Headquartered in London, UK, with 15 global offices
We create seamless experiences across beauty and wellness by empowering consumers to discover, book, and pay via our marketplace. For businesses, we provide an all-in-one platform covering:
- Appointment bookings
- Point-of-sale (PoS)
- Customer records
- Marketing automation & loyalty
- Inventory management
- Team coordination
This enables businesses to unlock revenue through online bookings, automated marketing, and integrations with major platforms (e.g., Instagram, Facebook, Google).
About The Role
Reporting to: VP of Security, IT and Compliance
We need an exceptional Security Leader to shape and own Fresha’s end-to-end approach—ranging from strategy and architecture to incident response and alignment with compliance. This role cannot be siloed: you’ll collaborate closely with the Head of Compliance (also reporting to the same VP) to create a cohesive solution—they own frameworks and evidence, while you drive the execution and remediation.
Fresha operates as a regulated payments business, fundamentally intertwined with PCI DSS, GDPR, SOC 2 Type II audits, HIPAA, and ISO 27001. Our security posture demands pragmatic leadership—not theory.
Location: Based in our London HQ (207-122 Old Street, EC1V 9NR)—daily office attendance with the flexibility to occasionally work remotely, while fostering collaborative teamwork.
Core Responsibilities
Security Strategy & Execution
- Shape and articulate the comprehensive security strategy alongside the VP, balancing exec vision with technical depth, trade-offs, and practical roadmaps.
- Define where to invest across tooling, headcount, vendors, and automation, with clear decision-making for allocation.
- Present the strategy to leadership—elaborating priority investments, trade-offs, and impact in alignment with business objectives.
Controls & Protections
- Deploy and enforce security controls across the full spectrum:
  - Endpoint
  - Network
  - Cloud infrastructure & security
  - Identity management
  - Application & data protection
- Ensure controls are not merely deployed but continuously validated—no static tick-box audits. Drive engineering/IT to embed security first, not as an add-on.
- Partner with Compliance & Engineering to transform security from a silo into a natural part of development practices.
Penetration Testing & Vulnerability Management
- Lead regular external pen tests of applications and infrastructure, tied to triage and remediation SLAs.
- Own the cyber risk programme:
  - Repeatable vulnerability scanning
  - Prioritisation based on business exposure
  - Closed-loop remediation and closure (directly impacting results seen by auditors).
- Collaborate with Compliance on presenting evidence (clean data for frameworks, solid evidence of fix).
Incident Response & Threat Intelligence
- End-to-end ownership of Fresha’s incident response process:
  - Detection-to-recovery sequence (detection, containment, eradication, recovery, lessons learned)
- Design and run on-call operations, playbooks, and tabletop drills to ensure business resilience.
- Lead post-mortems that share honest learning points.
- Build a threat awareness capability combining:
  - Information from external sources (reports, global intel)
  - Internal data (incidents, threat telemetry)
- Feed this into engineering decision-making: helping prevent future attacks, guiding investment priorities.
Threat Modelling, Proactive Risk
- Implement Threat Modelling as a regular practice (not just an initiative).
- Include automated tools using AI to scan architectural and code changes.
- Evaluate emerging risks, such as how large language models (LLMs) can be compromised (prompt injection, model misuse, SLA breaches).
- Be the company’s forward-looking intelligence voice.
- Actively invest to stay safe from future threats, rather than react to them.
Security Training & Awareness
- Design and deliver forthright security training relevant to Fresha’s threat landscape:
  - Phishing simulations
  - Secure coding for engineers
  - Cyber threat modelling workshops
  - Role-specific training (PCI, HIPAA, PHI handling).
- Partner with Compliance to deliver regular updates—training is a loop, not a single check-box action.
Automation & Efficiency
- Eliminate manual intervention in security operations:
  - Focus on alert triage, incident closure strategies, risk prioritisation, threat intel collation.
- Strategically use code, workflows, and AI without over-reliance.
- Refine operations to reduce manual tasks, enhance coverage, and speed response.
Advisory & Security Advocacy
- Serve as the internal go-to on all security-enablement fronts:
  - Provide clear direction, not bureaucracy.
- Work with technical teams to make informed, confident decisions on:
  - New products, integrations, acquisitions.
  - Architecture and vendor audits.
Desired Qualifications
- **Hands-on experience leading security within a heavily regulated business** (e.g., payments, industrials, healthcare, financial services).
- Deep experience in incident response (not just prepared exercises), with documented evidence and detailed learning from each case.
- Hands-on experience translating real-world incident learnings into action.
- Advanced understanding of modern attack surfaces, cloud environments, supply chains, application layering, and user identity.
- Experience implementing threat modelling tailored to the organisation, rather than applying generic templates.
- Experience designing AI-integrated processes—not only finding inefficiencies but fixing the process flow.
- Know how LLMs can help, but also where they create new challenges.
- Proven multi-disciplinary leadership, with the ability to engage as an equal with:
  - Core technical engineering teams (dedication, technical depth).
  - Business leadership (clarity in framing, value and strategies).
- Bonus: Payments/PCI DSS certification, SOC assessments, experience in applied offense.
How You’ll Work
- Lead a SecOps team from day one.
- Work directly with the EVP across all initiatives and with Compliance/IT/Engineering/product teams.
- Respond with speed and precision—total ownership, not just administration.
- Engage regularly with customers, financial service auditors, and compliance stakeholders.
- Continuously develop technical expertise, rather than act as purely a "dumping ground" for responsibilities.
Interview Process
- Screening
  - Video call with Talent Team (~60m).
- Round 1
  - VP of Security, IT & Compliance (~60m).
- Round 2
  - Virtual interview with CTO (~60m) and Head of Talent (~30m).
The process will be completed within 4 weeks, and feedback provided meticulously to all candidates.
Fresha’s Core Values
- Empowerment: We reshape how professionals harness self-care—your input is valued and utilised.
- Collaboration: Our culture thrives through teamwork and knowledge sharing, both in-person and across borders.
- Inclusivity: We promote a safe, equitable environment:
  - World-class opportunities for all potential candidates, regardless of background.
  - Every role conducted without biases on race, sexual identity, disability, or any related factor.
  - If accessibility requirements would make the process more comfortable, let us know—our team is prepared to support you.
We may use AI tools to assist in screening or skill assessment—but always maintain human oversight. Final decisions rest with us.
We’re on the hunt for a security leader—join us in defining the future of self-care in an evolving industry.