Head of Information Security

About Diesta:

Diesta is building the next-generation payment processor for the global insurance industry. We are a fast-growing startup solving complex data challenges for top-tier insurers and brokers across the UK, EU, and soon the US. Our platform transforms how insurance payments are managed, making them faster, smarter, and more transparent.

The Role:

The Head of Information Security & Compliance is responsible for maintaining and advancing Diesta's global security and compliance posture. The role oversees all activities related to information security, regulatory compliance, and risk management, ensuring Diesta operates securely, ethically, and in line with evolving international standards.

This role will lead the company's compliance frameworks (ISO 27001, SOC 2, etc.), manage operational security activities, and serve as a bridge between technology, governance, and commercial teams. The position may evolve into or report alongside a formal Chief Information Security Officer (CISO) function as Diesta expands internationally.

Key Responsibilities:

Information Security Leadership

• Own and develop Diesta's information security strategy and frameworks (ISO 27001, SOC 2, GDPR security controls).
• Lead incident response and vulnerability management, ensuring rapid detection, containment, and resolution of security events.
• Oversee DevSecOps operations, ensuring secure development practices, infrastructure monitoring, and ongoing compliance with security standards.
• Manage customer and partner security due diligence, including completion of security questionnaires and audits.
• Maintain Diesta's Trust Vault and public security documentation.

Compliance & Governance

• Lead all internal and external audits for ISO 27001 and SOC 2 certifications.
• Oversee risk management processes, maintaining Diesta's enterprise risk register and ensuring mitigation plans are tracked and completed.
• Implement continuous compliance monitoring using tools such as Scrut or similar platforms.
• Coordinate annual reviews of vendor and third-party compliance.
• Deliver compliance and security awareness training across the company.

Regulatory & Operational Compliance

• Manage compliance with key regulatory frameworks (PSD2, FCA readiness, etc.) and liaise with relevant regulators or external consultants.
• Support the future evolution of the MLRO and financial crime function, ensuring consistent standards.
• Oversee creation and maintenance of policies, procedures, and governance documents supporting compliance readiness.

Collaboration & Leadership

• Work closely with the Head of Legal & Data Protection to ensure alignment across privacy, legal, and security domains.
• Advise executive leadership on risk trends, upcoming regulations, and investment priorities.
• Support customers, partners, and auditors with evidence, reports, and responses.

Requirements:

• 7+ years' experience in information security, compliance, or risk management roles.
• Demonstrated experience maintaining ISO 27001 or SOC 2 Type II certifications.
• Knowledge of GDPR, PSD2, and general SaaS compliance frameworks.
• Familiarity with DevSecOps and cloud infrastructure security (AWS, Azure, or GCP).
• Excellent communication and stakeholder management skills.
• Relevant certifications desirable (CISM, CISSP, ISO 27001 Lead Implementer, etc.).

Why join Diesta?

• Be part of a venture-backed fintech rethinking how $10 trillion in insurance payments move globally
• Join a fast-paced environment that allows you to fully commit yourself to a meaningful challenge
• Competitive salary, meaningful equity, and the chance to shape the culture and direction of our engineering organization from the ground up
• A culture of high trust, low ego: we value
  competence

,
commitment

, and
transparency

.

Benefits:

• Hybrid work model with a central London office (London Bridge / Monument)
• Private healthcare insurance
• Regular team lunches and international offsites
• State-of-the-art technical equipment
• 22 days annual leave (excluding bank holidays)

Interview Process:

1. Intro Call

with our Chief of Staff to explore your background and aspirations.
2. Technical Interview
3. Onsite Workshop

at our London office, collaborate with the team and experience our culture first-hand.

Interested in solving real-world data problems and shaping the future of insurance payments?

Apply now to join Diesta