Head of Cyber Security chez Pexa

As the Head of Cyber Security at PEXA UK, you’ll play a key role in protecting the digital backbone of our business. Working closely with the UK CTO, Group CISO in Australia, and the PEXA UK leadership team, you’ll define and drive the security strategy, standards, and posture across our three UK brands: PEXA UK, Smoove, and Optima Legal.You’ll lead our Security Operations (SOC), Security Engineering, and Information Security and Governance functions, covering everything from incident response and secure architecture to audits, lender assurance, and compliance with ISO 27001 and FCA requirements.This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. You’ll shape how we manage threats, embed secure-by-design principles, and foster a culture of security awareness across the organisation.You’ll also collaborate closely with technology, legal, risk, and operations teams, as well as external partners, to ensure alignment and resilience, making cyber security a trusted enabler for our customers and colleaguesOur EthosWe believe cyber security should be understood, embraced, and loved, not feared. Our job is to make it simple and part of how everyone works.

Key Responsibilities

Define and deliver the UK cyber security strategy and roadmap aligned with business and group objectives

Act as the senior security authority for PEXA UK, Smoove, and Optima Legal

Partner with the Group CISO, UK CTO, and Risk functions to align frameworks and initiatives

Lead and mentor a multi-disciplinary team across SOC, engineering, and information security

Represent UK security priorities in leadership forums, lender assurance discussions, and governance reviews

Oversee SOC operations ensuring timely threat detection, response, and resolution

Continuously improve detection and response capabilities using Cortex XDR, Abnormal Security, Splunk, and Nucleus

Manage vulnerability management end-to-end, from scanning and prioritisation to remediation tracking

Coordinate with third-party partners such as Blazeguard and CCX to ensure effective service delivery

Oversee secure configuration, endpoint management, and patch compliance across hybrid environments including Azure and AWS

Own the UK information security framework and assurance programs including ISO 27001, FCA standards, SOC audits, and lender assurances

Maintain and evolve security policies, standards, and control frameworks

Lead audit preparation, evidence collection, and control testing for certifications and partner reviews

Build strong partnerships across engineering, IT, legal, HR, and operations to embed security in everyday practices

Provide input on vendor assessments and third-party risk management

Promote a culture of security awareness through training, phishing simulations, and education programs

Report on cyber risk, maturity, and incidents to senior leadership with transparency and continuous improvement

Key Skills

Proven experience leading cyber security operations in a regulated or financial services environment (FCA exposure preferred).

Strong understanding of security governance, assurance frameworks, and audit processes (ISO 27001, NIST, GDPR, Cyber Essentials Plus).

Experience with modern security tooling such as:

Deep knowledge of incident response, threat hunting, and vulnerability management.

Excellent stakeholder management and communication skills — able to explain complex risks in simple terms.

Experience building and mentoring high-performing teams across technical and governance functions.

Confident working in partnership with global teams and external partners to deliver consistent, secure outcomes.

Postuler maintenant