Cybersecurity Lead

Title:   Cybersecurity Lead
Location:  UK Remote
Salary: £90,000- £120,000 + 10 % Bonus

About PetLabCo.

PetLabCo. is the world leader in the DTC pet supplement market with 50%+ market share, 9-figure revenue, and rapidly growing globally. Our team is vibrant, fast-moving, and customer-driven where high-performers are valued and rewarded. It’s the ideal place for an ambitious, security-minded professional who wants to have outsized impact, fast.

The Role
This is a business-critical role. As Cybersecurity Lead, you will be the owner and enforcer of PetLabCo’s security policies, standards, and practices. You will be fully responsible for protecting our systems, data, and people from cyber threats. That means not only designing the roadmap, but ensuring compliance, enforcing policy adoption, and driving accountability across the business.

You’ll run annual security audits, penetration testing, and board-level reporting, while continuously improving controls and resilience. You will also play a strategic role: acting as a key advisor to senior leadership, aligning security priorities with business objectives, and ensuring governance, compliance, and regulatory requirements are met. Put simply, you will be the central authority on security at PetLabCo — the final word on how we keep the company secure.

A Day in the Life…
Reporting to the Director of Engineering, you’ll be our first dedicated Cybersecurity Lead. You’ll partner closely with IT, DevOps, Data, Backend, and Frontend teams while also engaging with senior leadership to ensure visibility, alignment, and accountability.

Your day to day will look a little bit like this…

• Own and deliver the company-wide cybersecurity roadmap aligned to frameworks (e.g., NIST/ISO 27001). • Act as the policy owner and enforcer, ensuring compliance across all teams and functions.
• Standardize SSO/MFA and improve identity and access management, including privileged account controls. • Strengthen endpoint and device security through hardening, patching, and mobile/USB controls.
• Lead adoption of MDR/EDR and a SIEM for detection, monitoring, and response. • Improve network and cloud security with segmentation, Zero Trust, firewall reviews, and AWS/M365 hardening.
• Embed data protection and DLP policies, with clear retention and external sharing controls. • Ensure backup, recovery, and DR plans are tested and resilient to ransomware.
• Lead annual audits, penetration tests, and tabletop exercises, with reporting to Board and Exec teams. • Build strong relationships across the business to ensure security alignment, efficiency, and accountability.
• Establish governance processes for change management, asset visibility, and vendor security reviews.

What You Need…

• 10+ years of experience in cybersecurity or information security roles.
• Strong knowledge of security frameworks (e.g., ISO 27001, NIST, GDPR compliance).
• Professional certification such as CISSP (required); additional certifications (CISM, CCSP) desirable.
• Hands-on experience with IAM, PAM, EDR/MDR, SIEM, device management, and cloud security.
• Track record of enforcing policies, driving compliance, and leading audits/penetration testing.
• Proven ability to work effectively with senior leadership and provide clear security reporting at Board level. • Excellent communication skills with the ability to engage both technical and nontechnical stakeholders.

• Proactive self-starter who thrives in a fast-paced, high-growth environment.

Core Competencies.

• Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations

Desirable

• Experience securing eCommerce and customer-facing digital platforms.
• Familiarity with DevSecOps practices and secure software development lifecycle.
• Experience leading global security programs and cross-functional teams.
• Prior leadership of incident response, tabletop exercises, and DR tests.
• Knowledge of compliance requirements in payments and data protection (e.g., PCI DSS, CCPA).