Executive Head, Information Security

CUBE are a global RegTech business defining and implementing the gold standard of regulatory intelligence for the financial services industry. We deliver our services through intuitive SaaS solutions, powered by AI, to simplify the complex and everchanging world of compliance for our clients. 

Why us?

🌍 CUBE is a globally recognized brand at the forefront of Regulatory Technology. Our industry-leading SaaS solutions are trusted by the world’s top financial institutions globally.

🚀 In 2024, we achieved over 50% growth, both organically and through two strategic acquisitions. We’re a fast-paced, high-performing team that thrives on pushing boundaries—continuously evolving our products, services, and operations. At CUBE, we don’t just keep up we stay ahead.

🌱 We believe our future is built by bold, ambitious individuals who are driven to make a real difference. Our “make it happen” culture empowers you to take ownership of your career and accelerate your personal and professional development from day one.

🌐 With over 700 CUBERs across 19 countries spanning EMEA, the Americas, and APAC, we operate as one team with a shared mission to transform regulatory compliance. Diversity, collaboration, and purpose are the heartbeat of our success.

💡 We were among the first to harness the power of AI in regulatory intelligence, and we continue to lead with our cutting-edge technology. At CUBE, You will work alongside some of the brightest minds in AI research and engineering in developing impactful solutions that are reshaping the world of regulatory compliance.

We are seeking an experienced Exec Head of Information Security to join our leadership team, reporting directly to the Chief Technology Officer. This critical role will shape and execute our information security strategy as we scale our RegTech platform and expand our customer base in highly regulated markets. You will be responsible for safeguarding the company’s information systems against evolving cyber threats. This includes ensuring the security of our diverse infrastructure—spanning private data centres, Office 365, and Azure—while maintaining best-in-class secure development practices and staying abreast of emerging AI security standards.

You will lead the development of a world-class security programme that not only protects our assets but also serves as a competitive differentiator for customers who demand the highest security standards.

This role will be based in London and report into our CTO.

Key Responsibilities

Strategic Leadership & Programme Management

· Own and evolve the CUBE information security programme, aligning security initiatives with business objectives and regulatory requirements.

• Develop and maintain a multi-year security roadmap that addresses current threats and anticipates future challenges.

• Collaborate with internal stakeholders and external partners to deliver complex security projects from initiation to completion.

• Lead secure development and AI security programmes, ensuring best practices are followed.

• Define, track, and monitor information security KPIs to enable effective oversight.

• Partner with the CTO to brief the CEO, Executive team, Board of Directors, and investors on information security posture, risks, and programme delivery.

Security Operations & Risk Management

• Design, implement, and continuously improve a comprehensive enterprise information security programme, encompassing preventive, detective, and responsive controls.

• Establish and maintain 24/7 security monitoring and incident response capabilities appropriate for a RegTech serving banking customers working with our outsourced MDR service.

• Lead the response to security incidents and breaches, including investigation, remediation, and lessons learned.

• Conduct regular risk assessments, vulnerability assessments, and security audits to identify and mitigate potential threats.

• Manage relationships with external security vendors, consultants, and managed security service providers.

• · Oversee regular penetration testing of applications and infrastructure, including scoping, vendor management, and remediation tracking.

Compliance & Governance

• Drive achievement and maintenance of critical certifications, including ISO 27001, SOC 2 Type II, and other relevant standards.

• Establish and govern comprehensive information security policies, procedures, and standards aligned with industry best practices.

• Support customer security assessments and due diligence processes, working closely with sales and customer success teams.

• Maintain and improve our investor cyber security score and other investor-required security metrics.

• Lead supplier onboarding and ongoing security assessment/assurance activities, supporting Legal, Procurement, and Finance teams as required.

Infrastructure & Cloud Security

• Oversee security architecture and controls across our hybrid infrastructure including:

• Multi-cloud environments (Azure primary, with AWS and GCP considerations)

• On-premises data centres and colocation facilities

• Endpoint security for 800+ devices across multiple geographies

• Office 365 and Microsoft ecosystem security

• Infrastructure as Code and DevSecOps practices including use of Kubernetes.

• Partner with Infrastructure, TechOps, and Platform teams to embed security into all layers of our technology stack

• Lead security aspects of M&A due diligence and integration activities

Team Development & Culture

• Build, mentor, and lead a high-performing information security team

• Foster a security-conscious culture across all CUBE teams through training, awareness programmes, and clear communication

• Ensure all teams understand information security risks and their role in mitigation

• Develop security champions across engineering teams to embed security thinking in daily operations

Required Experience & Qualifications

Essential Experience

• 10+ years of progressive experience in information security, risk management, and IT leadership roles

• Proven track record of building and/or scaling information security functions in regulated firms, preferably in financial services or RegTech

• Hands-on experience achieving and maintaining ISO 27001 and SOC 2 Type II certifications

• Demonstrated success running the oversight of outsourced Security Operations Centre (SOC/MDR) and incident response teams

• Experience managing and responding to security incidents in a dynamic global environment.

• Experience delivering multi-year security transformation programmes in mid-to-large sized organisations (500-1000+ employees)

• Strong background in cloud security, particularly Azure, with working knowledge of AWS and multi-cloud strategies

• Deep understanding of regulatory compliance requirements in banking and financial services

• Engagement in M&A Due Diligence and integration activities

• Working in Private Equity backed businesses understand the pace and pressure associated with high growth.

Technical Competencies

• Expert knowledge of security frameworks including ISO/IEC 27001, NIST Cybersecurity Framework, and CIS Controls

• Proficiency in security technologies including:

  • SIEM/SOAR platforms

  • Identity and Access Management (particularly Microsoft Entra ID/Azure AD)

  • Endpoint Detection and Response (EDR)

  • Cloud Security Posture Management (CSPM)

  • Application Security and DevSecOps tools

• Understanding of modern threats, attack vectors, and defensive strategies

• Experience with Zero Trust architecture principles and implementation

Educational Background & Certifications

• One or more professional certifications required:

  • CISSP (Certified Information Systems Security Professional)

  • CISM (Certified Information Security Manager)

  • CISA (Certified Information Systems Auditor)

• Additional certifications valued: CCSP, Azure Security Engineer, AWS Security Specialty

• Preferred - Bachelor's degree in Information Security or Computer Science.

Leadership & Soft Skills

• Exceptional leadership abilities with experience managing diverse, distributed teams

• Outstanding communication skills with ability to translate technical security concepts for executive and board audiences

• Strong business acumen with ability to balance security requirements with business enablement

• Proven ability to influence and build consensus across technical and non-technical stakeholders

• Experience working with external auditors, regulators, and customer security teams

• Cultural fit with fast-paced, scaling technology company environment

Interested?

If you are passionate about leveraging technology to transform regulatory compliance and meet the qualifications outlined above, we invite you to apply. Please submit your resume detailing your relevant experience and interest in CUBE.​

CUBE is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.