Head of Information Security

Job Title: Head of Information Security  Reports to: Chief Technology Officer (CTO) or Leadership Team Hours & Place of Work-  Birmingham, UK (with international remit: UK, Pakistan, Vietnam)  Company Overview Established in 1998, Joblogic is the UK’s #1 Field Service Management (FSM) software. With offices in the UK, Pakistan, and Vietnam and a team of over 400 people, we’ve been empowering service businesses for more than two decades.While we’ve been around for a while, our real growth trajectory began in 2021. Joblogic was proudly bootstrapped to £10M ARR before securing its first external investment in March 2023. In September 2025, we’re thrilled to announce that Joblogic has received investment from Vista Equity Partners, a leading global enterprise software investor.With Vista’s backing, Joblogic is now on an accelerated journey of innovation and international expansion-a rocket ship we’d love for you to be part of!Joblogic provides an all-in-one SaaS/CRM platform for field service businesses across industries such as HVACR, Plumbing & Heating, and Electrical Contracting & Maintenance. Our world-class software streamlines operations, boosts profitability, ensures compliance, and drives rapid growth for service businesses worldwide.Role Purpose Head of Information Security is responsible for defining, leading, and continuously improving Joblogic’s information security and data protection strategy. This role ensures the protection of company, customer, and employee data across global operations, while enabling business growth and innovation. The SISL will build and mature Joblogic’s Information Security Management System (ISMS), maintain certifications such as ISO/IEC 27001:2022 certification and Cyber Essentials Plus, ensure compliance with UK GDPR and international regulations, and strengthen Joblogic’s resilience to cyber threats. Key Responsibilities 1. Strategy & Leadership Develop and execute a comprehensive cybersecurity and data protection strategy, aligned with Joblogic’s business goals ,investor expectations and compliance needs. Serve as the executive authority for all information security and privacy matters, reporting regularly to the Board and leadership team. Champion a security-first culture across the organisation, embedding awareness and accountability at every level. Anticipate future risks (e.g. AI, evolving regulations, cross-border operations) and shape proactive security strategies. Support Sales and Customer Success in security assurance and due diligence processes for example InfoSec questionnaires.  2. Governance & Compliance Maintain and continually mature Joblogic’s ISO/IEC 27001:2022 certification, ensuring audit readiness. Ensure compliance with UK GDPR, Pakistan’s PECA, Vietnam’s Cybersecurity Law, and other applicable regulations. Lead policy development and governance frameworks covering information security, data protection, privacy, access control, and acceptable use. Act as Joblogic’s senior escalation point for regulatory or compliance inquiries. 3. Risk & Resilience Own the global information security risk register, including supply chain/vendor risk management. Lead on incident detection, response, and recovery, ensuring readiness through regular tabletop and crisis simulations. Develop and test the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). Oversee secure international data transfers, ensuring lawful mechanisms (e.g. SCCs). 4. Operational Security Implement and monitor technical and organisational controls across UK, Pakistan, and Vietnam operations. Lead vulnerability management, endpoint protection, DLP, identity & access management, and secure coding practices. Establish metrics, dashboards, and KPIs for ISMS and privacy programme performance. Drive security monitoring, detection, and response capabilities. 5. Culture & Capability Building Launch continuous security and privacy awareness programmes, including phishing simulations and global Security & Privacy Week. Appoint and mentor local security champions in each office. Partner with HR and L&D to build security capability into onboarding and ongoing training. Support talent development for InfoSec and privacy professionals within Joblogic. Key Skills & Competencies Strategic Cybersecurity Planning – ability to balance business goals, risk appetite, and technological progression. Cyber Governance – designing frameworks that meet global standards and adapt to regulatory change. Risk Management – proven ability to identify, assess, and mitigate risks across complex global supply chains. Incident Management – expertise in crisis leadership, communication, and recovery planning. Security Architecture – ensuring resilience and security are embedded in system and product design. Cultural Change Leadership – influencing behaviour and embedding secure practices at scale. Innovation Enablement – enabling secure adoption of AI, automation, and emerging technologies. Executive Communication – confident in advising Board and investors, with clear risk-based reporting. Qualifications & Experience Proven track record as a senior information security leader (CISO, Deputy CISO, Head of Security, or equivalent). Experience managing ISO 27001-certified ISMS across multiple geographies. In-depth knowledge of data protection and privacy law (UK GDPR, international frameworks). Professional certifications desirable: CISSP, CISM, CISA, ISO 27001 Lead Implementer/Lead Auditor, CEH, CCISO. Strong experience in SaaS/cloud environments (ideally multi-tenant, B2B). Demonstrated success in building and scaling global InfoSec programmes. What We Offer Holidays: 25 days of holiday plus bank holidays. Flexible Working: Hybrid working arrangements to support work-life balance. Competitive Salary: A competitive salary based on experience and performance. Pension: Company pension scheme. Insurance: Death in service benefit. Culture: Team events, Christmas parties, an amazing office environment, and a fun, collaborative work culture.