Chief Information Security Officer

About Swap

Swap is the infrastructure behind modern agentic commerce. The only AI-native platform connecting backend operations with a forward-thinking storefront experience.

Built for brands that want to sell anything - anywhere, Swap centralises global operations, powers intelligent workflows, and unlocks margin-protecting decisions with real-time data and capability. Our products span cross-border, tax, returns, demand planning, and our next-generation agentic storefront, giving merchants full transparency and the ability to act with confidence.

At Swap, we’re building a culture that values clarity, creativity, and shared ownership as we redefine how global commerce works.

About The Role

We are seeking a highly experienced Chief Information Security Officer (CISO) to lead our global security, risk, and compliance strategy across the UK, Europe, and North America. This role is critical in ensuring we maintain best-in-class security standards while scaling rapidly and meeting enterprise customer expectations.

You will own our security posture end-to-end, including achieving and maintaining ISO/IEC certification, driving audit readiness, and embedding security into the fabric of the organisation.

Responsibilities

Security Strategy & Leadership

• Define and execute the global information security strategy aligned to business growth
• Serve as the executive owner of security risk management across all regions
• Report regularly to the executive team and board on security posture, risk, and compliance
  
  

• Own the end-to-end delivery and ongoing maintenance of ISO certification
• Lead all ISO audits, acting as primary interface with external auditors
• Manage ongoing surveillance audits and recertification cycles
• Build and maintain a scalable Information Security Management System (ISMS)
• Ensure audit readiness is continuous, not event-driven
• Drive remediation of audit findings and ensure closure of non-conformities within deadlines
  
  

• Ensure alignment with global compliance frameworks including:
• SOC 2
• GDPR
• NIST Cybersecurity Framework
• Lead internal audits and risk assessments across engineering, infrastructure, and corporate systems
• Partner with Legal, HR, and Engineering to embed security controls across all functions
  
  

• Oversee incident response planning and execution across global teams
• Define and enforce security policies, standards, and controls
• Ensure effective vulnerability management, penetration testing, and threat monitoring
  
  

• Partner with Engineering to embed security into architecture and SDLC
• Work closely with Product and GTM teams to meet enterprise customer security requirements
• Support sales and procurement processes for security reviews and questionnaires
  
  

• Proven track record as a CISO, Head of Security, or equivalent senior security leadership role in a high-growth technology company
• Extensive hands-on experience leading ISO/IEC 27001 certification programmes from gap assessment through to audit success
• Deep experience managing external ISO auditors, including successful Stage 1, Stage 2, and surveillance audits
• Strong understanding of ISMS design, governance, and operationalisation
• Experience scaling security and compliance across multi-region environments (UK, EU, North America)
• Familiarity with SOC 2, GDPR, and other enterprise security frameworks
  
  

• Experience in Series B–pre-IPO or high-growth SaaS environments
• Prior success preparing organisations for enterprise customer security requirements
• Cloud-native security experience (AWS, GCP, Azure)
• Experience building or scaling security teams from early stage to maturity
• Automation of compliance, audit readiness, and security reporting processes
  
  

• Achieves and maintains ISO 27001 certification with no major audit findings
• Builds a continuous compliance model, not reactive audit preparation
• Enables enterprise sales through strong security posture and trust
• Establishes a scalable, well-documented ISMS that supports rapid growth
• Reduces security risk while enabling speed of engineering delivery