Head of Infosec bei Lendable

About Lendable

Lendable is on a mission to make consumer finance amazing: faster, cheaper, and friendlier. We're building one of the world’s leading fintech companies and are off to a strong start:

• One of the UK’s newest unicorns with a team of just over 600 people

• Among the fastest-growing tech companies in the UK

• Profitable since 2017

• Backed by top investors including Balderton Capital and Goldman Sachs

• Loved by customers with the best reviews in the market (4.9 across 10,000s of reviews on Trustpilot)

So far, we’ve rebuilt the Big Three consumer finance products from scratch: loans, credit cards and car finance. We get money into our customers’ hands in minutes instead of days.

We’re growing fast, and there’s a lot more to do: we’re going after the two biggest Western markets (UK and US) where trillions worth of financial products are held by big banks with dated systems and painful processes.

Join us if you want to

1. Take ownership across a broad remit. You are trusted to make decisions that drive a material impact on the direction and success of Lendable from day 1

2. Work in small teams of exceptional people, who are relentlessly resourceful to solve problems and find smarter solutions than the status quo

3. Build the best technology in-house, using new data sources, machine learning and AI to make machines do the heavy lifting

About the role

We're looking for a Head of InfoSec to champion security across Lendable, ensuring our products, platforms, and processes remain secure as we scale. This is a high-impact leadership role with broad responsibility across application security, operations, and governance.

As Head of InfoSec, you'll be the champion of security across the organisation, balancing business growth with operational resilience. You'll shape how we embed security into every part of our product and operations, and play a critical role in building trust with customers, partners, and regulators. You will lead a team of exceptional security engineers, delivering a technical roadmap that you will shape.

What you’ll be doing

• Application Security (AppSec): Driving secure development practices, code analysis, and threat modelling.

• Security Operations (SOC): Overseeing monitoring, incident response, vulnerability management, and operational resilience.

• Governance, Risk & Compliance (GRC): Leading our efforts to achieve and maintain compliance with PCI, GDPR, SOC2, and ISO27001.

• Vendor Security: Spearheading due diligence and monitoring of third parties, integrated with our Vendor Governance Forum.

• Policies & Assurance: Defining and enforcing security standards, collaborating with IT Ops and Platform Engineering on execution, and providing assurance to stakeholders, customers, and regulators.

• Risk Management: Escalating material risks directly to the CTO and other risk functions.

• Culture & Training: Promoting a secure-by-design culture through training, awareness, and best practices across the company.

What we're looking for

We're seeking an experienced security leader who is comfortable with:

• Building a team: You have prior management experience and a proven track record of growing a collaborative and cross-functional Security team.

• Scaling AppSec: You've owned and scaled a robust Application Security program, including secure development, code analysis, and threat modelling.

• Running Security Operations: You have deep experience overseeing a Security Operations function, managing monitoring, incident response, and vulnerability management.

• Driving GRC: You're an expert in managing compliance frameworks such as PCI, GDPR, SOC2, and ISO 27001, and you're skilled at preparing for audits.

• Vendor Security: You have led vendor security analysis, including due diligence and ongoing monitoring.

• Collaboration & Execution: You can define and enforce security policies while working effectively with cross-functional teams like IT Ops and Platform Engineering.

• Stakeholder Management: You're adept at providing assurance to stakeholders, customers, and regulators.

• Risk Leadership: You are comfortable escalating material risks directly to VPs, the CTO, and other risk functions.

• Cultural Influence: You have a passion for promoting a security-first culture through training, awareness, and secure-by-design practices.

• Adaptability: You thrive in a modern Cloud (AWS, GCP, Azure, Kubernetes, CI/CD) and AI environment, staying current with industry trends.

Interview process

• Intro Call with People Team: A brief conversation to get to know you and your background.

• Call with VP of Technology: A deeper dive into your experience and how it aligns with our technical vision.

• Onsite Interview: A deeper session where you’ll meet with several team members and stakeholders to discuss your technical expertise, management philosophy, and approach to delivery and collaboration. Don’t worry, we won’t ask you to code.

Call with CTO: A final conversation to discuss the strategic impact of the role

Life at Lendable

• The opportunity to scale up one of the world’s most successful fintech companies.

• Best-in-class compensation, including equity.

• You can work from home every Monday and Friday if you wish - on the other days, those based in the UK come together IRL at our Shoreditch office in London to be together, build and exchange ideas.

• Enjoy a fully stocked kitchen with everything you need to whip up breakfast, lunch, snacks, and drinks in the office every Tuesday-Thursday.

• We care for our Lendies’ well-being both physically and mentally, so we offer coverage when it comes to private health insurance

• We're an equal-opportunity employer and are looking to make Lendable the most inclusive and open workspace in London

Check out our blog!