About this role
CUBE are a global RegTech business defining and implementing the gold standard of regulatory intelligence for the financial services industry. We deliver our services through intuitive SaaS solutions, powered by AI, to simplify the complex and everchanging world of compliance for our clients.Ā
Ā
Why us?
š CUBE is a globally recognized brand at the forefront of Regulatory Technology. Our industry-leading SaaS solutions are trusted by the worldās top financial institutions globally.
š In 2024, we achieved over 50% growth, both organically and through two strategic acquisitions. Weāre a fast-paced, high-performing team that thrives on pushing boundariesācontinuously evolving our products, services, and operations. At CUBE, we donāt just keep up we stay ahead.
š± We believe our future is built by bold, ambitious individuals who are driven to make a real difference. Our āmake it happenā culture empowers you to take ownership of your career and accelerate your personal and professional development from day one.
š With over 700 CUBERs across 19 countries spanning EMEA, the Americas, and APAC, we operate as one team with a shared mission to transform regulatory compliance. Diversity, collaboration, and purpose are the heartbeat of our success.
š” We were among the first to harness the power of AI in regulatory intelligence, and we continue to lead with our cutting-edge technology. At CUBE, You will work alongside some of the brightest minds in AI research and engineering in developing impactful solutions that are reshaping the world of regulatory compliance.
We are seeking an experienced Chief Information Security Officer to join our leadership team, reporting directly to the Chief Technology Officer. This critical role will shape and execute our information security strategy as we scale our RegTech platform and expand our customer base in highly regulated markets. You will be responsible for safeguarding the companyās information systems against evolving cyber threats. This includes ensuring the security of our diverse infrastructureāspanning private data centres, Office 365, and Azureāwhile maintaining best-in-class secure development practices and staying abreast of emerging AI security standards.
You will lead the development of a world-class security programme that not only protects our assets but also serves as a competitive differentiator for customers who demand the highest security standards.
Key Responsibilities
Strategic Leadership & Programme Management
Ā· Own and evolve the CUBE information security programme, aligning security initiatives with business objectives and regulatory requirements.
Develop and maintain a multi-year security roadmap that addresses current threats and anticipates future challenges.
Collaborate with internal stakeholders and external partners to deliver complex security projects from initiation to completion.
Lead secure development and AI security programmes, ensuring best practices are followed.
Define, track, and monitor information security KPIs to enable effective oversight.
Partner with the CTO to brief the CEO, Executive team, Board of Directors, and investors on information security posture, risks, and programme delivery.
Security Operations & Risk Management
Design, implement, and continuously improve a comprehensive enterprise information security programme, encompassing preventive, detective, and responsive controls.
Establish and maintain 24/7 security monitoring and incident response capabilities appropriate for a RegTech serving banking customers working with our outsourced MDR service.
Lead the response to security incidents and breaches, including investigation, remediation, and lessons learned.
Conduct regular risk assessments, vulnerability assessments, and security audits to identify and mitigate potential threats.
Manage relationships with external security vendors, consultants, and managed security service providers.
Ā· Oversee regular penetration testing of applications and infrastructure, including scoping, vendor management, and remediation tracking.
Compliance & Governance
Drive achievement and maintenance of critical certifications, including ISO 27001, SOC 2 Type II, and other relevant standards.
Establish and govern comprehensive information security policies, procedures, and standards aligned with industry best practices.
Support customer security assessments and due diligence processes, working closely with sales and customer success teams.
Maintain and improve our investor cyber security score and other investor-required security metrics.
Lead supplier onboarding and ongoing security assessment/assurance activities, supporting Legal, Procurement, and Finance teams as required.
Infrastructure & Cloud Security
Oversee security architecture and controls across our hybrid infrastructure including:
Multi-cloud environments (Azure primary, with AWS and GCP considerations)
On-premises data centres and colocation facilities
Endpoint security for 800+ devices across multiple geographies
Office 365 and Microsoft ecosystem security
Infrastructure as Code and DevSecOps practices including use of Kubernetes.
Partner with Infrastructure, TechOps, and Platform teams to embed security into all layers of our technology stack
Lead security aspects of M&A due diligence and integration activities
Team Development & Culture
Build, mentor, and lead a high-performing information security team
Foster a security-conscious culture across all CUBE teams through training, awareness programmes, and clear communication
Ensure all teams understand information security risks and their role in mitigation
Develop security champions across engineering teams to embed security thinking in daily operations
Required Experience & Qualifications
Essential Experience
10+ years of progressive experience in information security, risk management, and IT leadership roles
Proven track record of building and/or scaling information security functions in regulated firms, preferably in financial services or RegTech
Hands-on experience achieving and maintaining ISO 27001 and SOC 2 Type II certifications
Demonstrated success running the oversight of outsourced Security Operations Centre (SOC/MDR) and incident response teams
Experience managing and responding to security incidents in a dynamic global environment.
Experience delivering multi-year security transformation programmes in mid-to-large sized organisations (500-1000+ employees)
Strong background in cloud security, particularly Azure, with working knowledge of AWS and multi-cloud strategies
Deep understanding of regulatory compliance requirements in banking and financial services
Engagement in M&A Due Diligence and integration activities
Working in Private Equity backed businesses understand the pace and pressure associated with high growth.
Technical Competencies
Expert knowledge of security frameworks including ISO/IEC 27001, NIST Cybersecurity Framework, and CIS Controls
Proficiency in security technologies including:
SIEM/SOAR platforms
Identity and Access Management (particularly Microsoft Entra ID/Azure AD)
Endpoint Detection and Response (EDR)
Cloud Security Posture Management (CSPM)
Application Security and DevSecOps tools
Understanding of modern threats, attack vectors, and defensive strategies
Experience with Zero Trust architecture principles and implementation
Educational Background & Certifications
One or more professional certifications required:
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CISA (Certified Information Systems Auditor)
Additional certifications valued: CCSP, Azure Security Engineer, AWS Security Specialty
Preferred - Bachelor's degree in Information Security or Computer Science.
Leadership & Soft Skills
Exceptional leadership abilities with experience managing diverse, distributed teams
Outstanding communication skills with ability to translate technical security concepts for executive and board audiences
Strong business acumen with ability to balance security requirements with business enablement
Proven ability to influence and build consensus across technical and non-technical stakeholders
Experience working with external auditors, regulators, and customer security teams
Cultural fit with fast-paced, scaling technology company environment
Interested?
If you are passionate about leveraging technology to transform regulatory compliance and meet the qualifications outlined above, we invite you to apply. Please submit your resume detailing your relevant experience and interest in CUBE.ā
CUBE is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Other facts
About CUBE
CUBE is an established leader in Automated Regulatory Intelligence (ARI) and Regulatory Change Management (RCM). We deliver next-generation solutions that keep customers ahead of every-changing regulatory demands, enable them to reduce the risk of regulatory breaches or the propensity to miss regulations. The CUBE RegPlatform product portfolio is powered by a purpose-built regulatory AI engine (RegBrain). They track, analyse, and monitor laws, rules, and regulations in every country and in every published language to create an always up-to-date regulatory view.
With over 700 employees, a global footprint across six main hubs, we can support customer needs across all time zones and territories. CUBE has c.1000 customers in banking, insurance, asset and investment management, payments and associated industries.
What you'll do
- The Executive Head of Information Security will shape and execute the information security strategy, safeguarding the companyās information systems against cyber threats. This role includes leading the development of a comprehensive security program and ensuring compliance with regulatory standards.
Ready to join CUBE?
Take the next step in your career journey