Head of Cyber Security

Hi, we're PEXA

We know you'll Google us before applying, so let's keep this brief. PEXA revolutionised the way that property is settled in Australia, turning a paper-based process into a digital one. Our solution is a world-first, with over 500 people across Australia and an expanding international team, we're helping 20,000+ families into their homes each week.

We're passionate about solving problems for our customers – always striving to set the standard for how property is bought and sold. Being awarded as one of the best places to work in Australia is a recognition of our culture and commitment to innovation, customers and our community.

We're growing fast, that is where you come in.

We believe our success in Australia is worth sharing and that our proven technology will advance how the UK buys and sells homes.

Establishing ourselves within the UK in late 2020, we are committed to collaborating with lawyers, conveyancers, lenders, government and the property industry, to set the new standard for both remortgages and buying and selling property.

Why become a PEXArian?

Great question Being a PEXArian is so much more than just a job. We're a passionate, motivated and unashamedly enthusiastic bunch at PEXA – we love what we do and we're proud to admit it Creating brilliant experiences for our members and their clients wouldn't be possible without ensuring we deliver an exceptional employee experience.

Here's a snapshot of what your life at PEXA could look like:

Your growth:

We encourage you to hit your personal and professional learning and development goals with our tailored programs and tools.

Your wellness:

We care about your holistic wellbeing

Your work/life blend:

We know that work is just one aspect of your life – we want to help you create your ideal work/life blend, rather than squeezing in life around work.

As the Head of Cyber Security at PEXA UK, you'll play a key role in protecting the digital backbone of our business. Working closely with the UK CTO, Group CISO in Australia, and the PEXA UK leadership team, you'll define and drive the security strategy, standards, and posture across our three UK brands: PEXA UK, Smoove, and Optima Legal.

You'll lead our Security Operations (SOC), Security Engineering, and Information Security and Governance functions, covering everything from incident response and secure architecture to audits, lender assurance, and compliance with ISO 27001 and FCA requirements.

This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. You'll shape how we manage threats, embed secure-by-design principles, and foster a culture of security awareness across the organisation.

You'll also collaborate closely with technology, legal, risk, and operations teams, as well as external partners, to ensure alignment and resilience, making cyber security a trusted enabler for our customers and colleagues

Our Ethos

We believe cyber security should be understood, embraced, and loved, not feared. Our job is to make it simple and part of how everyone works.

Key Responsibilities

Leadership and Strategy

• Define and deliver the UK cyber security strategy and roadmap aligned with business and group objectives
• Act as the senior security authority for PEXA UK, Smoove, and Optima Legal
• Partner with the Group CISO, UK CTO, and Risk functions to align frameworks and initiatives
• Lead and mentor a multi-disciplinary team across SOC, engineering, and information security
• Represent UK security priorities in leadership forums, lender assurance discussions, and governance reviews

Security Operations and Governance

• Oversee SOC operations ensuring timely threat detection, response, and resolution
• Continuously improve detection and response capabilities using Cortex XDR, Abnormal Security, Splunk, and Nucleus
• Manage vulnerability management end-to-end, from scanning and prioritisation to remediation tracking
• Coordinate with third-party partners such as Blazeguard and CCX to ensure effective service delivery
• Oversee secure configuration, endpoint management, and patch compliance across hybrid environments including Azure and AWS
• Own the UK information security framework and assurance programs including ISO 27001, FCA standards, SOC audits, and lender assurances
• Maintain and evolve security policies, standards, and control frameworks
• Lead audit preparation, evidence collection, and control testing for certifications and partner reviews

Collaboration and Culture

• Build strong partnerships across engineering, IT, legal, HR, and operations to embed security in everyday practices
• Provide input on vendor assessments and third-party risk management
• Promote a culture of security awareness through training, phishing simulations, and education programs
• Report on cyber risk, maturity, and incidents to senior leadership with transparency and continuous improvement

Key Skills

Key Skills

• Proven experience leading cyber security operations in a regulated or financial services environment (FCA exposure preferred).
• Strong understanding of security governance, assurance frameworks, and audit processes (ISO 27001, NIST, GDPR, Cyber Essentials Plus).
• Experience with modern security tooling such as:

o   Cortex XDR / Palo Alto Networks o   Splunk (SIEM and dashboarding) o   Abnormal Security (email security) o   Prisma Cloud (cloud security posture management) o   Airlock (application and API security) o   Nucleus (vulnerability management and reporting)

• Deep knowledge of incident response, threat hunting, and vulnerability management.
• Excellent stakeholder management and communication skills — able to explain complex risks in simple terms.
• Experience building and mentoring high-performing teams across technical and governance functions.
• Confident working in partnership with global teams and external partners to deliver consistent, secure outcomes.

£90,000 - £110,000 a year

Sounds like you?

We at PEXA are ready so if this role sounds like you apply today.

To be conducted as part of post offer employment checks:

The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at [Cifas].

GDPR Compliance

Digital Completion UK Limited (trading name "PEXA"), Optima Legal Services Limited (trading name "Optima Legal") and Smoove Limited (a holding company which comprises of the following wholly owned trading Subsidiary companies: United Legal Services Limited, United Home Services Limited, Legal-Eye Limited, and Amity Law Limited) are all owned directly by DigCom UK Holdings Limited, which is a wholly owned Subsidiary of PEXA Group Limited in Australia (ACN ; ASX: PXA) (referred to collectively as "PEXA Group").

When we process your applicant personal data for recruitment purposes, we do so as a controller. If as part of the recruitment process, we share your personal data with another company within the PEXA Group, that company may process your personal data as either an independent controller or, in certain circumstances, a joint controller. By applying for this role, you consent to us processing your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, and further information can be found in our privacy notice

#PEXAUK

---