Get AI-powered advice on this job and more exclusive features.
We are looking for a hands-on, technically fluent Head of Security to lead our cybersecurity efforts across both corporate and enterprise environments. This is a hybrid role combining team leadership, technical security direction, risk management, and delivery of key security initiatives.
You will work closely with IT, Engineering, Architecture, and Delivery teams to drive the implementation of our cybersecurity roadmap — spanning cloud security hardening, secure SDLC, data protection, and CIS benchmark compliance. This is an ideal opportunity for a security team lead or manager ready to step into a broader, more impactful leadership role while remaining close to technical execution.
Overview Your Mission
Your mission is to lead and grow our security capability; ensuring that cloud infrastructure, development pipelines, corporate systems, and critical data are all secured against evolving threats. You will shape the execution of security OKRs, manage and mentor a small but high-performing team, and directly contribute to the delivery of key technical initiatives. By translating strategic risks into actionable controls, and collaborating across departments, you will help embed security into everything we build, deploy, and operate.
Responsibilities Lead the cybersecurity function across corporate (Azure/O365) and enterprise (GitLab, AWS, GCP) environments
Own and drive delivery of security-related OKRs, working hands-on where needed
Provide technical direction and mentorship to security analysts and engineers
Act as the internal authority on security risk, translating business objectives into appropriate technical safeguards
Identify skills/resource gaps and write statements of work (SOWs) to onboard external SMEs when required
Oversee threat detection, alert triage, and incident response processes
Ensure proper implementation of cloud security controls (Azure Security Center, Microsoft Defender, AWS/GCP posture management)
Guide implementation of secure software development lifecycle (SSDLC) controls, including threat modelling and CI/CD security
Drive coverage and remediation of vulnerabilities in infrastructure and code
Own and maintain the cybersecurity risk register in collaboration with IT and Engineering
Lead internal assessments against the CIS Benchmarks for Azure, Microsoft 365, AWS, GCP, and relevant platforms
Track remediation of CIS control gaps and report posture improvements to IT leadership
Manage the development and review of key security policies and operational procedures
Work closely with IT on Azure and Microsoft 365 security initiatives, including Defender and Purview rollouts
Partner with Engineering on SSDLC enablement and GitLab security pipelines
Collaborate with Delivery/PMO to align and track execution of security objectives
Communicate risk posture, metrics, and roadmap progress to the Director of IT and key stakeholders
What you\'ll bring 5+ years in cybersecurity, with 2+ years in a leadership or team lead role
Strong technical expertise in cloud security (Azure, AWS, GCP), Microsoft Defender stack, and IAM
Experience delivering SSDLC practices (e.g., threat modelling, CI/CD pipeline security)
Working knowledge of the CIS Benchmarks and implementing associated controls
Proven ability to manage competing priorities, influence stakeholders, and deliver results across technical teams
What\'s in it for you Inspiring and fulfilling work at an innovative and values-driven company creating cutting-edge tech
Attractive salary and customisable benefits package
Flexible working hours and ways of working (we promote hybrid working model: work time is split between 3 days in the office and 2 days from home)
Contemporary and accessible office environments with a range of workplace perks
Relocation package for you and your family including soft-landing package services to help you settle in (applicable in Spain, if you are moving from a different city/country)
Being part of a team with a forward-looking, international mindset and agile working practices
A friendly, inclusive and multicultural environment
Wellbeing programmes, learning and personal growth opportunities
A range of employee events throughout the year
Opportunities to shape the tech community within and outside of the company, through mentoring and knowledge-sharing
Employment & Seniority Seniority level: Mid-Senior level
Employment type: Full-time
Industries Software Development and Gambling Facilities and Casinos
Referrals increase your chances of interviewing at Expenti by 2x
Sign in to set job alerts for "Head of Security" roles. We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr