The Role

At Cognism, the security of our data, our systems and our clients’ systems is a business priority. Information security is embedded in the way we work, and we are driving a culture where the fastest path is the securest path. As the function continues to mature, we are now hiring for a Director of Security Engineering & Operations to report directly to our CISO. In this role you will own and drive the technical security strategy for Cognism’s web and data products, as well as our corporate environment. You will be responsible for designing a security programme that protects our most sensitive assets: our data, our data fusion engine and the logic that powers it. As a trusted partner to our R&D leadership team you will help to define and drive the long-term security engineering maturity roadmap, driving alignment across engineering leaders, product leadership and IT. If you’re energised by the idea of shaping measurable security processes and controls, from the ground up, aligning engineering around secure-by-design principles, and elevating operational excellence, then this is the role for you. This is a rare opportunity to define the technical security vision for a dataintensive product at a moment where AI, scale, and engineering velocity are creating new and exciting challenges. You will shape how Cognism builds securely for the next decade.

What success looks like

Within 12 months, you will have:

• Delivered a unified security engineering roadmap aligned with engineering leadership.
• Matured secure SDLC adoption across Web and Data engineering.
• Improved MTTD/MTTR through stronger SOC operations.
• Invested in and mentored a team with clear ownership, KPIs, and engineering trust.
• Reduced engineering friction by creating pragmatic, developerfriendly guardrails

What You'll Own

Security Strategy & Engineering Integration

• Define and own Cognism's technical security strategy that seeks to embed security-by-design within our web and data products, our data fusion engine and pipelines, and our corporate landscape. You will drive a strategy that is pragmatic, risk-ranked, and aligned to engineering velocity.
• Work directly with product and technology leadership as a strategic partner. You will drive ownership and accountability, clearly agreeing ways of working between your team and product and technology teams.
• Set and direct a secure SDLC strategy that engineers engage with, coaching and mentoring our application security engineer with running our threat modelling program, embedding security in CI/CD, and iteratively improving our vulnerability management processes.
• Partner with engineering leadership to ensure risk-driven supply chain management across our product, ensuring what we bring in doesn't undermine what we protect.
• Work directly with our Director of IT operations to ensure our corporate security posture is mitigating risk and empowering our employees to be as secure as possible, through guardrails that protect unacceptable risk but don’t stifle innovation.

Data & AI Security

• Partner with our VP of Data Engineering to strengthen the security of our enrichment engine, data pipelines, and warehouse ecosystems.
• Direct a strategy that considers security across the full data stack - from ingestion through to the warehouse - with a focus on access governance, data classification, and secrets management as non-negotiables.
• Define how Cognism embeds AI securely as LLMs and agentic workflows move deeper into the product and our technology teams’ operations.
• Partner with our CISO to shape and implement an AI security posture that is embedded in strong security foundations, helping us stay ahead of the threat landscape rather than reacting to it.

Detection, Response & SOC Partnership

• Own the strategic relationship with our 24/7 outsourced SOC holding them to a high standard on threat hunting, threat intelligence utilisation, and automated response, not just SLA compliance.
• Ensure Cognism has a holistic, well-maintained SIEM that reflects how we operate and improves continuously as the threat landscape evolves.
• Build the internal team into a trusted escalation layer, with clear incident response playbooks, rehearsed escalation paths, and a feedback loop that sharpens detection over time.

Team & Culture

• Lead a team of application and infrastructure security engineers, setting the standard for technical excellence and deep partnership with their engineering counterparts.
• Build a security culture where developers raise security questions early, understand threat models, and own remediations, not because policy requires it, but because the culture makes it natural.
• Be the security leader Cognism's engineers want in the room: credible enough to be trusted, collaborative enough to be included, and strategic enough to make it count.

What We Need

Leadership & influence

• Demonstrated experience building security programmes from scratch or transforming them significantly in a product-led, engineering-first company.
• A track record of influencing engineering culture and earning trust, not enforcing it.
• Experience managing external security partners, (e.g 24/7 Security Operations Centre, penetration testing 3rd parties) and raising their performance through clear accountability, not just contract reviews.
• Able to communicate risk in business terms to exec and board audiences, and technical terms to engineers, without losing precision in either direction.

Technical foundation

• Strong AppSec expertise (OWASP, API security, SAST/DAST, SDLC) with practical threat modelling experience – enough to challenge and coach our most senior application security engineers.
• Handson understanding of data security, cloud data warehouses, and pipeline integrity – enough to ensure we are driving the right programme of work across our technology department.
• Cloud security fluency with working knowledge of container and Kubernetes security, IAM design, and cloud-native security tooling – enough to clearly identify, prioritise and challenge solutions for implementing security in our cloud environment.
• Working knowledge of AI/LLM security risks: enough depth to assess integrations, define guardrails, and evolve the programme as the technology does.

Mindset

• Risk-based by instinct: prioritises based on both technical and business impact
• Builder mentality: energised by creating structure where there isn't any, pragmatic about sequencing, and focused on outcomes over coverage.
• Genuinely curious about AI, not just its security risks, but its potential to improve how security is done.