Security Strategy Lead

Hybrid in London United Kingdom

The company

Small businesses move fast. Opportunities often dont wait and cash flow pressures can appear overnight. To keep going and growing SMEs need finance thats as flexible and responsive as they are.

Thats why we built iwoca. Our smart technology data science and five-star customer service ensures business owners can act with the speed confidence and control they need exactly when its needed.

Weve already cleared the way for 100000 businesses with more than 4 billion in funding. Our passionate team is driven to help even more SMEs succeed through access to better finance and other services that make running a business easier. Our ultimate mission is to support one million SMEs in their defining moments creating lasting impact for the communities and economies they drive.

The team

iwoca builds and operates credit products that handle sensitive financial and customer data where securing such data is important. Until now security has been managed across engineering and IT. This role establishes security as a dedicated discipline embedded in how products are designed built and operated with a focus on proportionate controls aligned to real risk rather than abstract compliance goals.

The role

As Security Strategy Lead youll define how security works at iwoca and own the decisions that shape it. Youll assess security risks influence priorities across teams and embed security into how products are built and operated. This is iwocas first dedicated security role reporting to the Engineering Director with visibility at company level and scope to shape standards ways of working and long-term security strategy.

Youll be accountable for the following areas deciding priorities and how work is delivered in iwocas context. We expect this to involve judgement trade-offs and discussion rather than following a fixed playbook.

• Security strategy and leadership: Own iwocas security strategy minimising security risk while avoiding unnecessary friction for customers and developers. Act as the key decision maker for security checks and processes and decide how the security function evolves over time including when to use internal capability third-party expertise or new tooling.

• Tooling and process optimisation: Decide how security tooling and processes should be designed and applied across iwocas systems. Maintain a consolidated view of our security posture including identity risks third-party exposure and supply-chain vulnerabilities and oversee the development or adoption of automated detection where it adds value.

• Monitoring reporting and continuous improvement: Establish monitoring and reporting that provides visibility into the effectiveness of security controls. Use this to generate insights recommend improvements and guide prioritisation as risks and the business evolve.

• Collaboration and incident response: Work closely with product engineering and infrastructure teams to align on security priorities and trade-offs. Act as the primary point of contact for security matters and lead coordinated incident response and triage of emerging threats.

The requirements

Essential:

• Proven ability to analyse security risks across application and infrastructure systems and implement effective protections and monitoring solutions.

• Understanding of security techniques such as static analysis network scanning and penetration testing and how to apply them in practice.

• Experience turning security plans into action prioritising work and delivering meaningful improvements with engineering teams.

• Experience leading or influencing change across teams making trade-offs explicit and aligning security decisions with business context.

Bonus:

• Experience contributing to security certifications such as ISO 27001.

• Experience building security practices in a fast-growing company.

• Exposure to identity-based attacks supply chain vulnerabilities or other advanced threat classes.

The salary

We expect to pay from 100000 - 150000 for this role. But were open-minded so definitely include your salary goals with your application. We routinely benchmark salaries against market rates and run quarterly performance and salary reviews.

The culture

At iwoca we prioritise a culture of learning growth and support and invest in the professional development of our team members. We value thought and skill diversity and encourage you to explore new areas of interest to help us innovate and improve our products and services.

The offices

We put a lot of effort into making iwoca a great place to work:

• Offices in London Leeds Berlin and Frankfurt with plenty of drinks and snacks.

• Events and community-led groups including running groups padel and monthly ping-pong and pool competitions.

The benefits

• Flexible working hours.

• Medical insurance from Vitality including discounted gym membership.

• A private GP service (separate from Vitality) for you your partner and your dependents.

• 25 days holiday per year an extra day off for your birthday the option to buy or sell an additional five days of annual leave and unlimited unpaid leave.

• A one-month fully paid sabbatical after four years.

• Instant access to external counselling and therapy sessions for team members that need emotional or mental health support.

• 3% Pension contributions on total earnings.

• An employee equity incentive scheme.

• Generous parental leave and a nursery tax benefit scheme to help you save money.

• Electric car scheme and cycle to work scheme.

• Two company retreats a year: weve been to France Italy Spain and further afield.

And to make sure we all keep learning we offer:

• A learning and development budget for everyone.

• Company-wide talks with internal and external speakers.

• Access to learning platforms like Treehouse.

Useful links:

• iwoca benefits & policies

• Interview welcome pack