Information Security Lead

Remote /
Product & Technology – Engineering /
Whereabouts: At Whereby we work from everywhere within CET +/- 7 hours, however, especially for roles focusing on security we do have some limitations, as described here
Interviews: Around 4-6 hours over a few weeks, including some practical work
Salary: £ 83,500 - £ 93,000 (Depending on seniority)
Reporting to: Joel Overton, our Director of Engineering
Other: Please note that this process will involve a full criminal records and background check

“I’ve never seen a job being done by a five-hundred-person engineering team that couldn’t be done better by fifty people.” - C. Gordon Bell

Ask us anything: or check out our FAQ for candidates here

Your mission at Whereby*
Make security a differentiator for Whereby, by strengthening our security practices and build processes and systems to stay ahead of customers' expectations and threat scenarios in the market.

*This is the mission that moves you and your team through our strategic roadmap, and should be your focus for up to a year or two.

What is Whereby all about
Freedom to work from anywhere: our mission with Whereby is to give people freedom to live and work where they thrive.

📍 Our global HQ is in Oslo, Norway, but our users (and team) are worldwide - having been used in nearly every country in the world by millions of folk. 🌏
By making it possible to collaborate as well over video as you can in real life, we want to give you the choice to work from where your life happens. To allow you to be in a place where you can think and focus, but also allow a seamless and instant connection with others when you need to.
For our 70 team members, and also for our customers, we know that the ability to decouple location from work can be life-changing. They can afford the house they want, can spend less time commuting, be closer to nature, and their children get to grow up seeing their grandparents every day. Everyone on our team enjoys the enormous benefits that a flexible work policy brings, and we truly believe the future of work will gravitate towards our vision of the future.

Engineering at Whereby
We strongly believe in the superpowers of a well-led, and expertly designed engineering team. We are an engineering-centric business who hopes to scale our operation sustainably, with beautiful code, an ethical approach to our users and data, and an innovative opinion on new technologies in the market.

We try to ensure both that we're building the right thing and building the thing right. We analyse data, talk to users, prototype and iterate. We focus on discovering and solving user problems, not just building and shipping features. 

Working with security at Whereby means that your work will span across all engineering teams and the company at large.

🔍 What we're looking for in our Information Security Lead
We're looking for an experienced leader to develop security strategy at Whereby. You'll work with engineers and teams across the company to refine our security practices, develop scalable systems and tools, and govern their usage.
We expect you to be motivated by understanding the assets Whereby as a company need to protect, and helping us strike the right balance in terms of reducing and managing risks.

🌎 We believe in everyone
We fundamentally believe talent is distributed to all of us in equal measure. We open our doors (physical or URL) to everyone and we see our differences as a strength; it’s this philosophy that drives us towards our mission.
This means we see your unique history as having a value money cannot buy; we believe in the strength of every intersection of race, religion or belief, ethnic origin, different physical ability, family structure, socio-economics, age, nationality or citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity.

⚒️ The nuts and bolts of the role*
* Please do not see everything in this job ad as "must have", but rather a guiding list of what we're looking for. We know that no candidate will be the perfect match for all we've mentioned in this posting, so don't be afraid to apply if you feel you're close to the brief but not "spot on".

Your previous experience

    • We are prioritising attitude, aptitude, and the kinds of projects you've worked on in favour of years' experience. With that said, you may be a good fit if you...
    • Have experience in a leadership role – as a senior analyst/engineer, lead or manager in a Security team
    • Have driven security for an org, taking a risk-based approach to prioritisation
    • Have owned key risk indicators, developed procedures and policies, and a roadmap of security initiatives
    • See yourself as an enabler of security, depending on others to help you achieve this mission
    • Understand the landscape of security tools and technologies. Have exposure to some of: penetration testing and tools, network monitoring systems, IDS/IPS, web application firewalls, audit tools...
    • See yourself diving into tools, coordinating external resources (hired help), conducting training for colleagues, or anything else needed to move security forward at Whereby
    • Are open-minded to other perspectives and able to present your ideas effectively to a broad range of people and professions
    • Are a really nice person with loads of ambition!

Your attributes

    • Self-directed
    • Creative
    • Detail-oriented
    • Design-thinker
    • Empathetic and people-centric

🌟 How we'll measure your success

    • Our teams are productive with security practice embedded into their ways of working
    • The leadership team and engineering teams understand, and are confident in, Whereby's security posture
    • Regular audits are completed according to industry standards

Strategic responsibilities

    • Own security strategy at Whereby
    • Develop KRIs, policies and procedures
    • Make security a differentiator for Whereby, by strengthening and evangelising our security practices
    • Stay ahead of our customers' expectations and threat scenarios in the market

Tactical responsibilities

    • Assess and expand our repertoire of automatic control mechanisms for security monitoring and compliance
    • Work closely with the rest of the engineering team and provide the means to identify, quantify and act upon potential security flaws
    • As long as the projects you’d work on are directly relevant to security at Whereby we’ll be open to adapt the tactical responsibilities of the role to the priorities set by you and your manager after getting to know you better

Foundational responsibilities

    • Introduce new security technologies and processes where appropriate
    • Develop our incident response processes
    • Take part in regular penetration testing and audits
    • Contribute and assist on compliance work
    • Have fun, learn and share your knowledge and expertise while doing so
Your progression
Security is a broad area and a team we expect will grow over time. There's no shortage of scope for impact in this role: you'll have a lot of autonomy to lead the company in our approach to security.
You might choose to develop your management responsibilities and grow as a manager with this team as it grows – or you might choose to deepen your expertise in particular areas of your domain.

You've read all this way... you may as well apply! 🙌

If you have any more questions, take a peek at our Recruitment FAQ on Notion or drop us an email to