The Director of IT & Information Security is responsible for protecting Thesis SM’s technology assets, data, and infrastructure while enabling seamless IT operations for a globally distributed workforce. This leader will execute the company’s IT and security strategy, ensuring compliance with regulatory frameworks, managing risk, and building a resilient and secure technology environment. The ideal candidate brings strong expertise in enterprise IT, cybersecurity, and compliance, combined with leadership and cross-functional collaboration skills.
- Proven track record managing enterprise IT operations and cybersecurity programmes in a SaaS or technology environment.
- Demonstrable experience with compliance frameworks such as ISO 27001, SOC 2, GDPR, and NIST.
- Strong background in identity & access management, endpoint security, and cloud security.
- Experience managing and scaling IT functions for a remote-first, globally distributed organisation.
- Relevant certifications such as CISSP, CISM, CISA, or equivalent strongly preferred.
- Deep knowledge of cloud security (AWS, Azure, GCP), Zero Trust architecture, and data privacy regulations.
- Lead and execute Thesis SM’s IT and information security strategy, policies, and roadmap.
- Lead all aspects of IT operations, including infrastructure, end-user computing, and IT service management.
- Build and manage a comprehensive information security programme, including threat detection, incident response, and vulnerability management.
- Implement and enforce Thesis's AI security and acceptable use policies, governing shadow AI risk, data classification in AI workflows, and third-party AI vendor assessment.
- Evaluate AI-augmented threat detection and AIOps capabilities to improve security monitoring efficiency and IT operational reliability.
- Report on AI risk posture to senior leadership and ensure compliance with GDPR, ISO 27001, SOC 2, and emerging AI regulation across Thesis's operating jurisdictions.
- Ensure compliance with applicable security and data privacy regulations, including GDPR, ISO 27001, and SOC 2.
- Conduct and oversee regular security risk assessments, audits, and penetration testing.
- Collaborate with Engineering and Product teams to embed security best practices (DevSecOps) into the SDLC.
- Lead security awareness and training programmes across the organisation.
- Manage vendor relationships for security tools, IT services, and managed security providers.
- Competitive Base Salary
- Work from home allowance to contribute towards your monthly bills
- Annual Discretionary Bonus/Commission Plan
- Salary Exchange Pension Scheme with 8% contribution from Thesis and 3% minimum employee contribution
- Enjoy flexible, trust-based time off to recharge and maintain a healthy work-life balance
- Private Medical Insurance
- BHSF Health Cash Plan which allows you to claim back the costs of the excess on Private Medical, various other health benefits such as dental, optical, private prescriptions.
- Yu Life Long Term Health Insurance & 4x Base Salary Life Insurance
- Mortgage Benefit
- EAP
- Enhanced Family Leave policies