
Fractional Chief Information Security Officer – CISO
ApprovalMax
contract
Location Type: Remote
Location: United Kingdom
About the role
- Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans
- Maintain and continuously improve the Information Security Management System (ISMS)
- Create, review, and maintain core security policies, standards, and procedures
- Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR)
- Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities
- Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions
- Assess and provide guidance on secure AI adoption across the organisation, including AI-powered product features and internal AI tooling
- Maintain ISO 27001 certification and prepare for the 2027 recertification audit
- Lead SOC 2 Type II readiness programme (target: 2026-2027), including gap analysis and control mapping
- Ensure compliance with GDPR and data protection requirements across EU/UK/US/AU/NZ/CA/ZA jurisdictions
- Collaborate with external DPO support provider on privacy-related matters and customer security questionnaires as needed
- Provide security oversight across Azure, AWS, and Google Workspace environments
- Conduct access reviews and advise on identity and access management best practices
- Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection)
- Oversee VMware Workspace ONE MDM deployment and device security policies
- Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles
- Develop and maintain incident response plans and procedures
- Lead incident response tabletop exercises and post-incident reviews
- Provide guidance on business continuity and disaster recovery planning
- Advise on vendor security assessments and third-party risk management
- Design and deliver company-wide security awareness training programmes
- Mentor and upskill internal staff on security best practices
- Foster a security-first culture across all departments
- Act as a trusted advisor to leadership on emerging threats and security trends
- Report regularly to the CTO on security posture, risks, and programme progress
- Prepare board-level security presentations as required (infrequent)
- Support commercial teams by contributing to customer security discussions when escalated
Requirements
- 8+ years of progressive experience in information security, with at least 3 years in a CISO, Head of Security, or senior security leadership role
- Demonstrated experience in B2B SaaS environments, ideally in fintech, finance software, or similarly regulated industries
- Proven track record of achieving and maintaining ISO 27001 certification
- Experience preparing organisations for a SOC 2 Type II attestation (a SOC 2 report is an auditor's attestation rather than a certification)
- Hands-on experience securing cloud environments (Azure and/or AWS required; GCP a plus)
- Experience with Google Workspace security configuration and administration
- Background working with distributed, remote-first engineering teams
Benefits
- 26 days paid time off
- 1 additional day off for your Birthday
- Remote office assistance
- Service years recognition financial reward
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
information security strategy, risk assessment, risk treatment, secure AI adoption, incident response, identity and access management, secure SDLC practices, DevSecOps integration, vulnerability management, business continuity planning
Soft skills
leadership, mentoring, communication, collaboration, organizational skills, strategic planning, problem-solving, advisory skills, training development, cultural advocacy
Certifications
ISO 27001, SOC 2 Type II