Head of Information Security

Head of Information Security

Location: London / New York (Flexible)
Type: Full-time
Reports to: CEO

About Cornspring

Cornspring is redefining data solutions for Family Offices, Asset Owners, and UHNW clients. Our AI-powered platform integrates, validates, and secures private financial data, allowing intelligent insights via Gen-AI and LLM-based conversations.

Security and privacy are non-negotiable for our clientele, and we are committed to the highest level of security on our platform, our client data, and our internal systems.

We are looking for an exceptional Head of Information Security to design, implement, and oversee our security strategy. This is a critical hire to ensure that our systems, internal networks, employee devices, and cloud infrastructure remain resilient against threats while aligning with stringent regulatory and client security expectations.

Key Responsibilities

• Security Strategy & Leadership
• Define and execute a security strategy that aligns with Cornspring’s business and regulatory requirements.
• Ensure security is embedded into all aspects of our data platform and Gen-AI website.
• Advocate for security at the leadership level, influencing key technology decisions.
• Cloud & Infrastructure Security
• Oversee security architecture for our AWS-native environment, including Bedrock AI, Lambda, RDS, and networking.
• Implement best practices in identity and access management (IAM), encryption, logging, and monitoring.
• Lead security reviews of our Gen-AI models and APIs to prevent misuse or data leakage.
• Application & Data Security
• Secure our API's, Excel add-in, Gen-AI interfaces, and client data pipelines.
• Conduct regular penetration testing, code reviews, and threat modelling for all applications.
• Implement robust data governance, DLP (Data Loss Prevention), and encryption policies to safeguard sensitive client data.
• Threat Intelligence & Incident Response
• Build and run a 24/7 security monitoring and incident response process.
• Develop playbooks for responding to zero-day vulnerabilities, ransomware, phishing, insider threats, and AI-based attacks.
• Engage with security researchers and forums to stay ahead of emerging threats.
• Regulatory & Client Compliance
• Ensure compliance with ISO 27001, SOC 2, GDPR, UK/EU regulations, and US data laws.
• Develop security documentation, due diligence support and audits required by Family Offices and institutional investors.
• Work closely with legal, compliance, and operations to ensure security controls meet client expectations.
• Internal Security & Employee Training
• Secure internal networks, personal employee devices, and access policies.
• Implement zero-trust security principles across the organization.
• Develop internal policies and conduct regular security awareness training for all employees, ensuring best practices in handling sensitive data.

What We’re Looking For

• Experience:
• 10+ years in cybersecurity, cloud security, and risk management.
• Proven track record leading security for AI, SaaS, or data-heavy financial platforms.
• Deep expertise in AWS security services, including GuardDuty, KMS, WAF, IAM, and AWS Organizations.
• Experience securing APIs, and AI data pipelines.
• Technical Skills:
• Expertise in offensive and defensive security strategies, including ethical hacking, red teaming, and forensic investigations.
• Strong understanding of encryption, key management, zero-trust architectures, and multi-cloud security.
• Hands-on experience with SIEM, SOAR, EDR, and cloud-native security tools.
• Familiarity with regulatory frameworks (SOC 2, GDPR, UK DPA, US SEC/CFTC regulations).
• Mindset & Attributes:
• Security-first mentality with a paranoia-driven approach to protecting high-value data.
• Ability to communicate complex security issues to non-technical stakeholders (clients, leadership, regulators).
• Strategic thinker who can balance business needs with security priorities.
• Comfortable in a high-performance, fast-scaling start-up environment where agility is key.

Nice-to-Haves

• Certifications: CISSP, CISM, CISA, OSCP, AWS Security Specialty, or similar.
• Experience working with Family Offices, Asset Owners, UHNW clientele, or financial institutions.
• Understanding of AI security threats, including adversarial attacks on LLMs and model hallucinations.

Why Join Cornspring?

• Work at the cutting edge of AI-driven financial data security.
• Join a fast-growing, high-impact company with a security-first culture.
• Directly influence the security posture of a high-stakes financial technology platform.
• Competitive compensation, including equity options, performance bonuses, and a leadership role in shaping the company’s future.