
Virtual CISO

Zopa · London, United Kingdom · Hybrid · Full-time

Posted: 2 May 2026 (via wttj)
Type: Full-time
Arrangement: Hybrid, United Kingdom
Deadline: 3 June 2026
Salary: not disclosed

Summary

Join Zopa, a pioneering fintech company that has redefined banking. As a Virtual Chief Information Security Officer (vCISO), you will provide strategic leadership and expert guidance on Zopa's information security posture. You will work closely with the existing leadership team to deliver a best-in-class security function. This is a hybrid role that requires you to be in the London office 2-3 days a week.

Role

Our Story

Hello there. We’re Zopa.

We started our journey back in 2005, building the first ever peer-to-peer lending company. Fast forward to 2020 and we launched Zopa Bank. A bank that listens to what our customers don’t like about finance and does the opposite. We’re redefining what it feels like to work in finance. Our vision for a new era of banking puts people front and centre — we’ve built a business that empowers everyone to aim high, every day, to move finance forward. Find out more about our fantastic offerings at Zopa.com!

We’re incredibly proud of our achievements and none of it would be possible without the amazing team here. It’s not just industry awards we’re winning, we’ve also been named in the top three of the UK’s Most Loved Workplaces.

If you embrace unconventional challenges, are unafraid to think differently and are driven to make an outsized impact, you’ll thrive here at Zopa, so join us, and make it count. Want to see us in action? Follow us on Instagram @zopalife

We’re looking for a Virtual Chief Information Security Officer (vCISO) to partner with us over the next 6–12 months.

You will provide strategic leadership, independent oversight, and expert guidance on Zopa’s information security posture. You will help us evolve and mature our security strategy, controls, and operating model, ensuring we remain secure, compliant, and able to move at pace.

You will work closely with our existing leadership, advising and challenging them, and enabling them to deliver a best-in-class security function.

We're looking for a pragmatic leader to help us balance speed and innovation with strong security and regulatory expectations.

Ideally this individual will partner with us 1-2 days per week, initially with a commitment of 6 months, but this could extend and evolve.

What you'll be doing

Shape and Evolve Security Strategy

  • Advise on Zopa’s information security strategy, ensuring alignment with business goals and regulatory expectations

  • Advise on the security roadmap to mature capabilities over the next 12–24 months

  • Advise on prioritisation of security investments and initiatives

Provide Independent Oversight and Challenge

  • Assess current controls, identify gaps, and recommend pragmatic improvements

  • Support governance forums with clear, actionable reporting and insight

Strengthen Security Operations & Resilience

  • Review existing security operations, incident response, and vulnerability management capabilities

  • Advise on improvements to detection, response, and recovery processes

  • Support readiness for high-impact incidents, including tabletop exercises and crisis simulations

Enable Secure Product Development

  • Provide guidance on application security, threat modelling, and secure development lifecycles

  • Advise on balancing security requirements with product velocity

Regulatory & Compliance Advisory

  • Provide guidance on regulatory expectations and industry best practices (e.g. ISO 27001, PCI DSS, GDPR)

  • Ensure a proportionate, risk-based approach to compliance

Security Governance & Risk Management

  • Review and enhance risk management frameworks and processes

About you

  • Proven experience as a vCISO or fractional senior security leader in a product-led or tech-led environment

  • Strong track record of advising on cyber risk and security strategy

  • Deep knowledge of security frameworks and standards (e.g. NIST, ISO 27001, PCI DSS, GDPR)

  • Experience assessing and maturing security functions in scaling organisations

  • Experience supporting regulatory engagement, audits, and incident response at senior level

  • Excellent communication with the ability to challenge and advise constructively

  • Pragmatic and balanced in view and approach

  • Comfortable operating in a hands-on advisory role without ownership of execution and delivery

At Zopa we value flexible ways of working.

We value face-to-face collaboration and a good work-life balance. This hybrid role requires you to come to our London office 2-3 days a week.

You'll also have the option of working from abroad for up to 120 days a year!* But no matter where you are, we’ll make sure you’ve got everything you need to thrive, both in your work and home life, from day one.

*Subject to having the right to work in the country of choice

Diversity Statement

Zopa is proud to offer a workplace free from discrimination. Diversity of experience, perspectives, and backgrounds leads to better products for our customers and a unique company culture for our people. We are made up of nearly 50 nationalities, have a DE & I forum made up of Zopians wanting to make a difference and we are proud of our culture where everyone can bring their full self to work. Our approach to DE & I is reflected in our hiring process so please let us know if you require any reasonable adjustments.

Key responsibilities

  • Advising on Zopa’s information security strategy, ensuring alignment with business goals and regulatory expectations.
  • Assessing current controls, identifying gaps, and recommending pragmatic improvements to enhance security posture.
  • Reviewing existing security operations, incident response, and vulnerability management capabilities, and advising on improvements.