Job Application for Head of Information Security at watchTowr

New

Hello, let us introduce ourselves!

We are watchTowr, a VC-backed cyber security startup helping organisations continuously discover vulnerabilities in their Internet-facing attack surface. Cyber security veterans and technical experts, we are obsessed with building cybersecurity technology to help prevent breaches.

With experience informed by years of simulating sophisticated cyber attacks against some of the world's largest organisations, our mission is to enable organisations to continuously understand how an attacker would successfully compromise their business - with cutting-edge Attack Surface Management and Continuous Automated Red Teaming technology.

watchTowr was named within Gartner’s Emerging Tech Impact Radar report in 2023, in Gartner's Innovation Impact report for ASM in 2024, and is utilised by Fortune 500 and other large enterprises globally. Our research is well-known and respected across the cybersecurity industry, and can be found in various news outlets - while fuelling the watchTowr Platform.

We are a young, high-energy and high-performing team delivering world-class technology to help our clients prevent breaches. We are in a high and aggressive growth phase of our journey, and are excited to continue adding colleagues to join our phorce of nature.

Our vision for offensive security is continuous.

But what’s the role?

We are looking for an ambitious and hands-on colleague to join watchTowr as our first Head of Information Security to manage and continuously evolve watchTowr’s internal cyber security capability. As such, this individual needs to be a jack of all trades and have the ability to build from the ground up.

Although watchTowr’s first dedicated internal Info Sec role, as a cyber security company, watchTowr has built a strong internal cyber security posture and culture since day zero, maintained by several existing teams. This is demonstrated in numerous ways, including watchTowr’s ISO27001 and SOC 2 Type 2 certifications.

As watchTowr enters another phase of significant growth, dedicated capability and leadership is required to now focus on maintaining and continuing to evolve watchTowr’s existing cyber security posture.

Sounds great – what will I do?

You will establish and build a dedicated internal Information Security team at watchTowr.
You will work with senior leadership to identify and prioritise risks relevant to watchTowr, and relevant action plans.
You will enhance, implement, and maintain further internal self-serve security controls across numerous business areas, including application, infra, cloud, and data security.
You will maintain watchTowr’s alignment to numerous industry standards, including ISO27001 and SOC2 Type 2, while going steps further where relevant due to watchTowr’s unique threat model.
You will oversee security monitoring, threat analysis, threat hunting, penetration testing, and vulnerability management to align cyber risk management with the company's risk strategy.
You will support the watchTowr Commercial team to respond to client and partner queries about watchTowr’s security posture and practices.
You will engage with industry-leading partners whose technology is currently leveraged to protect watchTowr.
You will develop and maintain comprehensive metrics to measure the effectiveness of cyber resilience controls.
Over time, you will build and lead a team of internal security professionals to maintain watchTowr’s security posture.

Sounds perfect to me, what specifics are you looking for?

Core Skills

You have 8+ years of experience, made up of both hands-on technical and GRC experience.
Experience and understanding across numerous areas of cyber security, including endpoint, infrastructure security, compliance, and application security.
You have worked in a startup environment before, preferably in the technology industry.
The ability to lead people, motivate teams and drive a vision to ensure deliverables.
The ability to communicate risk and engage colleagues to maximise your impact.
Driven by your own passion and initiative - you understand the mission, and don’t need someone to guide you.

Advantages

You’ve been an early stage member of a startup previously
You thrive with empowerment and autonomy to fulfil your responsibilities in the best way you see fit.
You continuously learn – whether it be the latest and best way of solving a programmatic challenge or diving headfirst into cyber security.

What’s in it for me?

Meaningful mission - the work we do materially prevents our clients from being breached.
Competitive compensation - we believe that hard work, skills and ambition should be fairly compensated.
Meaningful role in a company - You will be a key and early contributor to a fast-growing cyber security business that helps protect some of the world's largest enterprises.
Endless opportunities – we are in a high-growth phase of our journey, and plan to promote from within as we scale.
Work with cyber security experts – we are solving cutting-edge industry-wide cyber security challenges with some of the world’s most advanced organisations.

Note: This role is a hybrid / remote role based in the UK. We will consider exceptional candidates based in Singapore. Unfortunately, we cannot currently sponsor visas for candidates outside of the UK and Singapore.