At FrankieOne, where we revolutionise identity verification and onboarding to be swift, seamless, and scalable, your role as Head of Information Security is crucial. You will ensure that our platform and supporting infrastructure is well protected against external threats, is secure by design and that a strong general security awareness is maintained throughout the organisation. You will provide and execute on a range of security and compliance matters, and further develop FrankieOne’s highly regarded and trusted platform. 

We are seeking an experienced InfoSec leader to take over and lead the security, risk and compliance posture of our organisation. The ideal candidate will have a strong technical background in cybersecurity ideally in cloud-based SaaS businesses, a proactive and commercial approach to identifying and mitigating risks, with the ability to collaborate effectively with cross-functional teams. This role offers an exciting opportunity to play a key role in shaping the security strategy of a growing startup. 

Reporting to the CFO, the Head of Information Security will be responsible for maintaining and further developing our cyber security and resilience strategy and supporting programmes. You will also ensure we maintain our ISO 27001 compliance and SOC 2 audits, building upon these foundations to take FrankieOne’s security posture into the future. 

Your Ticket to Success: Be an advocate. 

For FrankieOne, for the product, for our people, and for our values. 

You must possess exceptional technical expertise in cybersecurity, coupled with strong leadership, strategic and commercial thinking skills. You should be adept at risk management, incident response, and regulatory compliance, particularly within the context of ISO 27001, SOC 2 and both Australian and international data privacy regulations. Effective communication skills are essential, as the Head of InfoSec must liaise with other senior management, stakeholders, and regulatory bodies. Additionally, a deep understanding of the latest cybersecurity threats and trends, as well as the ability to implement robust security frameworks and policies, is crucial. 

Key Responsibilities 

• Develop and implement a comprehensive information security strategy. 
• Manage and monitor cybersecurity systems and tools with the support of your team. 
• Lead review and ensure compliance with financial and privacy regulations and standards. 
• Lead and ensure the appropriate response to security incidents and breaches, including forensic investigations. 
• Conduct regular security audits and assessments to identify vulnerabilities.
• Collaborate with People, Product, Engineering, IT and other departments to ensure security is integrated into all business processes. 
• Provide a pragmatic and commercial lens when reviewing security and product decisions. 
• Evaluate and manage vendors, suppliers and service partners to maintain high standards of security, including contracts and SLAs include appropriate security terms. 
• Provide regular updates to senior management on security status and risks.
• Manage the information security budget and resources effectively. 
• Train and educate employees on cybersecurity best practices. 
• Establish and maintain relationships with regulatory bodies and industry organisations. 

In a Previous Life You Have

• Extensive experience in information security management, preferably in the banking / finance or identity verification industry in a SaaS growth business. 
• Proven track record of developing and implementing security policies and procedures. 
• Deep knowledge of Australian cybersecurity regulations and financial industry standards. 
• Experience with risk management, incident response, and forensic investigations.
• Strong leadership experience with the ability to manage and develop a security team. 
• Familiarity with the latest cybersecurity threats, technologies, and trends.
• Experience with compliance frameworks such as ISO 27001, SOC 2, NIST, and PCI-DSS. 
• Demonstrated ability to communicate complex security concepts to non-technical stakeholders. 
• Proven ability to manage security budgets and resources efficiently. 
• A relevant certification such as CISSP, CISM, or CISA is highly desirable.
• Experience working in a startup or agile product environment is highly desirable.