
Head of Information Security, Compliance
Beamery
full-time
Location Type: Hybrid
Location: London • United Kingdom
About the role
- Lead the security program for our AI-powered talent platform
- Maintain Beamery's ISO/IEC 42001 certification
- Lead AI risk assessments and impact evaluations for systems processing candidate and employee data
- Embed security-by-design principles in AI development
- Design and maintain an enterprise security program aligned with ISO 27001 and SOC 2 Type II
- Lead security operations including vulnerability management, penetration testing, SIEM monitoring, incident response, and business continuity planning
- Oversee cloud security for AWS, Google Cloud, and Azure environments
- Manage vendor security assessments and third-party risk management
- Build a security awareness culture through training and ongoing education programs
- Ensure compliance with GDPR, CCPA/CPRA, UK DPA, and emerging global privacy regulations
- Oversee DPIAs for high-risk processing activities, data breach procedures, and data subject rights fulfillment
- Implement privacy controls including data minimization, purpose limitation, and lawful basis documentation
- Manage DPAs with customers and Standard Contractual Clauses for international data transfers
- Partner with HR to align information security controls with internal HR compliance requirements
- Ensure platform compliance with AI hiring regulations (NYC Local Law 144, EU AI Act)
- Collaborate with Product to build transparency and explainability into AI-powered screening tools
- Lead external audits including SOC 2 Type II, ISO 27001, ISO 42001, and customer security assessments
- Maintain audit-ready documentation and monitor the evolving regulatory landscape
- Support Sales with security expertise to accelerate deal closure
- Partner with Engineering and Product to translate compliance requirements into scalable technical controls
- Build security and compliance into M&A readiness planning
Requirements
- 10-15 years of information security and compliance experience with 5+ years in leadership roles, preferably in B2B SaaS or HR technology
- Deep expertise in ISO 27001, SOC 2, GDPR, and CCPA with a proven track record of achieving and maintaining certifications
- Strong understanding of AI governance and emerging AI regulations (ISO 42001, EU AI Act) as applied to employment technology
- Hands-on experience with cloud security architecture and DevSecOps practices across AWS, Google Cloud, or Azure
- Demonstrated success building security and compliance programs including policy development, control implementation, and team building
- Experience managing external audits and supporting enterprise sales cycles with security/compliance expertise
- Exceptional communication skills with the ability to translate technical concepts for executives, board members, and customers
- Strong business acumen to balance security requirements with business objectives in fast-paced environments
- CISSP required; CISM, CRISC, or CISA strongly preferred
- CIPM or CIPP/E highly desirable
- Bachelor's degree in Computer Science, Information Security, or related technical field; Master's degree preferred
Benefits
- Diversity and open expression culture
- Support for reasonable adjustments and adaptations during recruitment
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security, compliance, AI risk assessments, vulnerability management, penetration testing, SIEM monitoring, incident response, cloud security architecture, DevSecOps practices, policy development
Soft Skills
leadership, communication, business acumen, team building, training, collaboration, translating technical concepts, security awareness culture, problem-solving, adaptability
Certifications
CISSP, CISM, CRISC, CISA, CIPM, CIPP/E