Back to Jobs
London, United Kingdom On-site Full-time

Fresha is hiring a Head of Security

Responsibilities

  • Collaborate with executive leadership to define security strategy, providing technical insight and actionable plans that ground high-level direction.
  • Manage the security roadmap, including decisions on initiatives to pursue, delay, or discontinue, with clear justifications.
  • Determine optimal allocation of resources across tools, personnel, third-party services, and automation within strategic boundaries.
  • Communicate the security roadmap in a clear, business-relevant way to secure executive understanding and funding.
  • Implement and maintain security controls across endpoints, networks, cloud environments, identity systems, and applications.
  • Ensure security controls are effective through ongoing validation, not just periodic compliance checks.
  • Work closely with Engineering and IT teams to integrate security early in design and deployment processes.
  • Oversee regular external penetration tests for applications and infrastructure, ensuring findings are assessed and resolved.
  • Lead the vulnerability management program, covering scanning, risk ranking, response timelines, and remediation tracking.
  • Coordinate with Compliance leadership on audit-ready data, aligning issue resolution with evidence requirements.
  • Own the full incident response lifecycle, from detection through recovery and post-incident analysis.
  • Manage incident response operations, including on-call rotations, response playbooks, simulations, and supporting technology.
  • Serve as the central figure during active security incidents and lead transparent post-incident reviews.
  • Establish a threat intelligence function to collect, categorize, and utilize data from incidents, near misses, industry sources, and internal systems.
  • Develop a threat intelligence data repository that actively guides security decisions, planning, and training scenarios.
  • Conduct routine threat modeling, enhanced by AI-driven analysis of designs, code, and infrastructure changes.
  • Monitor emerging threats, particularly those involving large language models, such as prompt injection, model misuse, and AI-powered attacks.
  • Anticipate future threats to avoid being caught off guard by evolving attack trends within the next year.
  • Inform strategic planning with forward-looking insights and translate them into specific, actionable roadmap items.
  • Develop and maintain security training content, including phishing exercises, secure coding, incident response drills, and role-specific modules for sensitive data handlers.
  • Partner with Compliance on training delivery and scheduling, ensuring content remains technically accurate and threat-informed.
  • Ensure training delivers real value, equipping participants with practical knowledge beyond mere completion metrics.
  • Evaluate repetitive security tasks to identify automation opportunities in triage, alert processing, vulnerability assessment, and response workflows.
  • Maximize existing tools and bridge gaps with custom scripts, automated workflows, or AI where appropriate.
  • Leverage large language models responsibly for drafting, analysis, and automation while managing associated risks.

Work Arrangement

On-site — London

Other

  • This role requires working in person at the London office located at The Bower, 207-122, Old Street, London EC1V 9NR, five days a week, in a dog-friendly workplace designed to support collaboration.
  • All applicants will be considered fairly, without regard to race, color, religion, sex, sexual orientation, age, marital status, gender identity, national origin, disability, or other legally protected characteristics in the relevant jurisdiction.
  • Candidates with accessibility needs during the hiring process or upon joining are encouraged to inform the company so appropriate support can be provided.
About company
Fresha

Fresha is a platform that enables users to instantly book appointments at salons and spas nearby. The service connects customers with top-rated salons, barbers, medspas, wellness studios, and beauty experts worldwide.

For businesses, Fresha offers booking software and management tools to streamline operations, including appointment scheduling, customer relationship management (CRM), and point-of-sale systems. It supports salons and spas in managing their bookings, staff, and client interactions efficiently.

Fresha is trusted by millions globally and provides a free app for both customers and businesses to enhance the selfcare experience.

All jobs at Fresha Visit website
Job Details
Department Engineering – Security
Category other
Posted 2 months ago