Head of Cyber Security - Information Security - Cazoo London, England, United Kingdom

Listing Description

About Cazoo: 


 


Our mission is to transform the car buying experience across the UK and Europe by providing better selection, flexibility, transparency, convenience and peace of mind. We aim to make getting your next car no different to ordering any other product online today, where consumers can simply and seamlessly purchase, finance or subscribe to a car entirely online for delivery or collection in as little as 72 hours.


Cazoo was founded in 2018 by serial entrepreneur Alex Chesterman OBE, has a highly experienced management team and is backed by some of the leading global technology investors.


 


Job Summary:


 


We’re looking for a Head of Cyber Security to join our small but mighty information security team. You’ll be reporting to the Chief Information Security Officer (CISO) but working across technology, the business, and key security suppliers to drive security forward.


 


The successful candidate will have an impressive background in application security (an evolving art form) with solid infrastructure security and cloud security skills. As Cazoo evolves, you will identify gaps and inefficiencies, call out better ways of working, and introduce methodologies and technologies to support them. You will be comfortable striving for iterative improvement and enjoy working in a fast-paced and challenging environment.


 


We (and you) believe that the best security is built in and considered from the start, so your focus will be ‘building security in’ from design through operations. You know what great looks like and can also readily explain and illustrate where things could go wrong with a design or service. We’ll value your creative and collaborative approach and the strong working relationships you’ll establish with IT, engineering and the business. 



Although this is a leadership role, information security is a growing team so the successful candidate will (on occasion) also be required to ‘roll up their sleeves’ and be hands-on. Over time, as you mature the way we do security, your role and focus will evolve – this is your chance to transform along with a growing business.


 


What you will be doing:


 


You’ll be joining Cazoo, one of the fastest-growing technology companies in the world, at an early stage, where there is an opportunity to have a significant impact, shaping how we do security. You’ll be reporting to the Chief Information Security Officer (CISO), but day to day will spend much of your time partnering with other areas to drive security forward and deliver continuous improvement.


 


You’ll be:



  • Providing cyber security leadership for a fast-paced, high-growth business 

  • Developing working relationships with technology and the business and promoting the building of a collaborative security culture

  • Working closely with security, IT and engineering leadership to define and develop our vision and strategy for information and cyber security and drive adoption in IT and engineering

  • Expected to know what great security looks like and be able to (constructively) challenge IT and engineering decisions when they don’t seem right

  • Championing the adoption of a ‘building security in’ mindset and introducing methodologies, technologies, and automation to support it from design through delivery and operations

  • Identifying, promoting and/or managing risk reduction initiatives and delivering iterative improvement

  • Driving security and process maturity in IT and engineering as well as in processes that touch security across the business

  • Ensuring the effectiveness and completeness of security services delivered by IT and engineering

  • Overseeing the SOC and SIEM services and ensuring IT and third-party SOC services evolve their playbooks and monitoring to stay in line with good practice

  • Managing relationships with third-party security providers, and running procurement rounds when necessary

  • Supporting the business, security, the DPO and procurement in the security assessment of third-party services and integrations

  • Managing penetration testing, vulnerability scanning and other security testing and maintenance programmes

  • Ensuring targeted and people-focused security training and awareness sessions are in place

  • Supporting compliance and alignment initiatives with industry best practice and security standards overall as well as directly driving these within IT and engineering

  • Building trust and making a huge difference


 


Required Skills & Experience:


 



  • Self-starter and influencer with drive and focus

  • Strives for iterative improvement and easily establishes trust-based relationships

  • Excellent written and verbal communication skills

  • Demonstrates commercial acumen and customer orientation

  • Progressive experience and responsibility in information security roles with a strong (if not majority) application security focus

  • Extensive experience collaborating with product, engineering, and architecture teams to drive security initiatives

  • A background working as a penetration tester would be an asset

  • Experience applying security controls in the Cloud (AWS) and in the software development lifecycle/pipeline

  • Working knowledge or experience of SOC and SIEM service oversight

  • Experience mentoring and supporting career progression of security teams or champions

  • Experience driving alignment and demonstrating progress against security best practice and industry standards such as the CIS Controls, Cyber Essentials, PCI DSS, OWASP and the BSIMM

  • Experience with privacy and GDPR

  • Working knowledge of broader control domains such as access, change management, IT operations, and security incident management

  • Experience in the selection and management of security suppliers

  • Experience managing budgets would be an asset

  • Process and policy writing experience would be an asset

  • Working knowledge of SOx (experience would be an asset)


 


Qualifications:


 



  • Degree educated (BSc/BA) or equivalent experience in a relevant industry (e.g. information security, computer science)

  • CISSP, SANS GIAC, CREST or other relevant security certifications


 


Benefits:


 


At Cazoo, you will play a key role in creating a highly visible and tangible product that’s seeking to change and replace a painful process that almost everyone must contend with at some point in their life.


 


We offer a competitive salary, with an outstanding benefits package, including an annual bonus and 25 days holiday (plus an extra day for your birthday). We also offer a 5% salary matched pension scheme, life insurance and critical illness cover. At Cazoo we are also passionate about wellbeing; we provide an annual wellness fund and we partner with a leading healthcare provider.


 


Useful Information:


 


Our London home is located a stone’s throw from Euston Station and close to Kings Cross, with tube stations on the Northern, Victoria, Piccadilly, Hammersmith & City and Circle lines all a short walk away.


In the post-Covid era, subject to government guidance, we will be operating a hybrid working model, with employees expected to spend a few days a week in the office alongside colleagues, while the remaining days can be worked from home.


Our selection process will typically involve an initial chat with one of our recruitment team, followed by a selection of competency-based interviews with stakeholders and the hiring manager.


We know that diverse teams make better teams, and we are an equal opportunity employer that values diversity and inclusivity. We do not discriminate on the basis of gender, race, age, sexual orientation, colour, religion, national origin, disability status or marital status.


About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.
