×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Consultant IT Project Manager

Fractional Chief Information Security Officer; CISO

Job in Greater London, London, Greater London, EC1A, England, UK
Listing for: ApprovalMax Limited
Full Time position
Listed on 2026-01-13
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, IT Project Manager
Job Description & How to Apply Below
Position: Fractional Chief Information Security Officer (CISO)
Location: Greater London

Fractional Chief Information Security Officer (CISO)

  • Contract

Approval Max is redefining how finance teams manage the
Money Out cycle
— from purchase orders and supplier bills to employee expense management and payroll. Trusted by
18,000+ businesses worldwide
, our platform empowers companies to automate financial controls, ensure compliance, and scale efficiently.

At the end of
2024
, Approval Max secured a£10 million growth investment from Yttrium
, a leading European technology investor. This funding marks the beginning of a new chapter in our journey — scaling our category leadership in Money Out automation, expanding enterprise capabilities, and accelerating product innovation.

We are seeking an experienced Fractional CISO to provide hands‑on security leadership as we evolve our security function to support continued growth and European expansion. This is a permanent fractional engagement reporting directly to the CTO.

You will own our information security strategy, maintain our ISO 27001 certification, build our security roadmap, and prepare the organisation for SOC 2 readiness in 2026‑2027. This role requires someone who can operate both strategically and tactically — developing policy one day and reviewing cloud configurations the next.

Key Responsibilities
  • Develop and own the Information Security strategy aligned with Approval Max's business objectives and European expansion plans
  • Maintain and continuously improve the Information Security Management System (ISMS)
  • Create, review, and maintain core security policies, standards, and procedures
  • Establish and chair a cross‑functional Security Working Group (Engineering, Architecture, IT, HR)
  • Build and present a multi‑year security roadmap with clear milestones, resource requirements, and priorities
  • Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions
  • Assess and provide guidance on secure AI adoption across the organisation, including AI‑powered product features and internal AI tooling
Compliance & Certification
  • Maintain ISO 27001 certification and prepare for the 2027 recertification audit
  • Lead SOC 2 Type II readiness programme (target: 2026‑2027), including gap analysis and control mapping
  • Ensure compliance with GDPR and data protection requirements across EU/UK/US/AU/NZ/CA/ZA jurisdictions
  • Collaborate with external DPO support provider on privacy‑related matters and customer security questionnaires as needed
Cloud & Technical Security
  • Provide security oversight across Azure, AWS, and Google Workspace environments
  • Conduct access reviews and advise on identity and access management best practices
  • Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection)
  • Oversee VMware Workspace ONE MDM deployment and device security policies
  • Advise engineering teams on secure SDLC practices, Dev Sec Ops  integration, and application security principles
Operational Security
  • Develop and maintain incident response plans and procedures
  • Lead incident response tabletop exercises and post‑incident reviews
  • Provide guidance on business continuity and disaster recovery planning
  • Advise on vendor security assessments and third‑party risk management
Awareness & Culture
  • Design and deliver company‑wide security awareness training programmes
  • Mentor and upskill internal staff on security best practices
  • Foster a security‑first culture across all departments
  • Act as a trusted advisor to leadership on emerging threats and security trends
Stakeholder Engagement
  • Report regularly to the CTO on security posture, risks, and programme progress
  • Prepare board‑level security presentations as required (infrequent)
  • Support commercial teams by contributing to customer security discussions when escalated
Qualifications
  • 8+ years of progressive experience in information security, with at least 3 years in a CISO, Head of Security, or senior security leadership role
  • Demonstrated experience in B2B SaaS environments, ideally in fintech, finance software, or similarly regulated industries
  • Proven track record of achieving and maintaining ISO 27001 certification
  • Experience preparing organisations for SOC 2 Type II certification
  • Hands‑on experience…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search