This website uses cookies to ensure you get the best experience.

Expenti and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Expenti career site
Malaga, London · Hybrid

Head of Security

About this role

We are looking for a hands-on, technically fluent Head of Security to lead our cybersecurity efforts across both corporate and enterprise environments. This is a hybrid role combining team leadership, technical security direction, risk management, and delivery of key security initiatives.

You will work closely with IT, Engineering, Architecture, and Delivery teams to drive the implementation of our cybersecurity roadmap — spanning cloud security hardening, secure SDLC, data protection, and CIS benchmark compliance. This is an ideal opportunity for a security team lead or manager ready to step into a broader, more impactful leadership role while remaining close to technical execution


Your Mission

Your mission is to lead and grow our security capability; ensuring that cloud infrastructure, development pipelines, corporate systems, and critical data are all secured against evolving threats. You will shape the execution of security OKRs, manage and mentor a small but high-performing team, and directly contribute to the delivery of key technical initiatives. By translating strategic risks into actionable controls, and collaborating across departments, you will help embed security into everything we build, deploy, and operate.


Leadership & Strategy

  • Lead the cybersecurity function across corporate (Azure/O365) and enterprise (GitLab, AWS, GCP) environments
  • Own and drive delivery of security-related OKRs, working hands-on where needed
  • Provide technical direction and mentorship to security analysts and engineers
  • Act as the internal authority on security risk, translating business objectives into appropriate technical safeguards
  • Identify skills/resource gaps and write statements of work (SOWs) to onboard external SMEs when required


Security Operations & Engineering

  • Oversee threat detection, alert triage, and incident response processes
  • Ensure proper implementation of cloud security controls (Azure Security Center, Microsoft Defender, AWS/GCP posture management)
  • Guide implementation of secure software development lifecycle (SSDLC) controls, including threat modelling and CI/CD security
  • Drive coverage and remediation of vulnerabilities in infrastructure and code


Governance, Risk, and Compliance

  • Own and maintain the cybersecurity risk register in collaboration with IT and Engineering
  • Lead internal assessments against the CIS Benchmarks for Azure, Microsoft 365, AWS, GCP, and relevant platforms
  • Track remediation of CIS control gaps and report posture improvements to IT leadership
  • Manage the development and review of key security policies and operational procedures


Collaboration & Stakeholder Engagement

  • Work closely with IT on Azure and Microsoft 365 security initiatives, including Defender and Purview rollouts
  • Partner with Engineering on SSDLC enablement and GitLab security pipelines
  • Collaborate with Delivery/PMO to align and track execution of security objectives
  • Communicate risk posture, metrics, and roadmap progress to the Director of IT and key stakeholders


What you'll bring

Essential Experience

  • 5+ years in cybersecurity, with 2+ years in a leadership or team lead role
  • Strong technical expertise in cloud security (Azure, AWS, GCP), Microsoft Defender stack, and IAM
  • Experience delivering SSDLC practices (e.g., threat modelling, CI/CD pipeline security)
  • Working knowledge of the CIS Benchmarks and implementing associated controls
  • Proven ability to manage competing priorities, influence stakeholders, and deliver results across technical teams



Desirable Skills

  • Hands-on with Microsoft Defender, Azure Security Center, GitLab CI, AWS/GCP Security tools
  • Experience writing SOWs or managing vendor security engagements
  • Relevant certifications such as AZ-500, AWS Security Specialty, or GIAC/GSEC
  • Exposure to SIEM, CSPM tools, or automated compliance reporting platforms

Soft Skills

  • Strategic mindset with strong attention to detail
  • Effective communicator, able to translate risk into clear priorities
  • Collaborative team player with leadership potential and a proactive approach
  • Comfortable working in a fast-paced, cross-functional environment
Locations
Malaga, London
Remote status
Hybrid

About Expenti

We're digital innovators, leveraging the latest tech to deliver solutions that drive engagement, supercharge efficiency and create unstoppable growth. It's our mission to push the envelope and build products that redefine what's possible.

Epic experiences. Exceptional quality. That's Expenti.

Malaga, London · Hybrid

Head of Security

Loading application form

Already working at Expenti ?

Let’s recruit together and find your next colleague.