Head of IT & Security
Role details
Job location
Tech stack
Job description
As Head of IT & Security, you are accountable for how Motorway manages technology risk, cyber security, and operational IT as the business scales. This is not a compliance-first or tool-driven role. It is a senior leadership role focused on reducing real business risk while enabling speed, productivity, and profitability.
You will own Motorway's security posture end-to-end, spanning software and cloud risk, monitoring, and incident response, while also leading the core IT capabilities that underpin how teams work every day. This includes identity and access, internal platforms, service tooling, and the reliability of systems and tooling that support customer operations (across seller and dealer teams) and corporate functions.
You will work closely with Engineering, Product, Legal, Finance, People, and the executive team to make clear, proportionate decisions about risk, reliability, and investment, ensuring security and IT scale in step with the business. This role exists because Motorway is growing quickly, and security and operational IT must evolve without slowing the business down.
The Head of IT & Security reports directly to the Chief Operating Officer, James Wilson, reflecting the importance of security and IT as core business enablers at Motorway., This role is responsible for reducing technology and security risk while keeping Motorway fast, productive, and scalable. You will lead through influence, make explicit trade-offs, and ensure security and IT decisions are grounded in real business impact.
Security, Risk & Resilience
- Own Motorway's security strategy and execution, acting as the accountable owner for cyber, fraud, and data risk
- Clearly articulate risk, impact, and trade-offs to senior leadership, prioritising effort where it materially reduces business impact
- Operate a unified incident response and resilience model, ensuring fast triage, clear ownership, effective communication, and continuous improvement through post-incident learning
Secure Engineering & Software Risk
- Partner closely with Engineering to embed security into development workflows
- Drive adoption of security tooling and patterns within pipelines, infrastructure templates, and application standards
- Ensure software and API security risks are understood, prioritised, and addressed in proportion to risk
Monitoring, Detection & Response
- Own security monitoring and detection across cloud, applications, and identity, with a focus on signal quality and measurable outcomes
- Use automation and AI-assisted approaches to scale visibility, reporting, and response without scaling headcount
IT & Platform Foundations
- Lead core IT and platform capabilities that underpin secure access, identity, endpoints, and employee productivity
- Ensure controls are reliable, proportionate, and support secure defaults while maintaining a strong employee experience
IT Service Delivery & Support
- Own the reliability and effectiveness of IT service delivery, including end-user support, incident handling, and request fulfilment
- Ensure IT support is responsive, well-prioritised, and aligned to business impact
- Ensure clear ownership, escalation paths, and service standards so issues are resolved quickly without unnecessary process
- Continuously improve IT operations and tooling to reduce friction for teams as Motorway scales
Operational tooling & business systems
- Work closely with operational teams to improve tooling and workflows
- Ensure systems are well integrated, appropriately controlled, and resilient as the business scales
- Set clear expectations for access, data handling, and vendor assurance across operational systems
Leadership & collaboration
- Lead and develop a high-impact IT & Security team, setting clear priorities
- Build strong working relationships with Engineering, Product, Legal, Finance, and People to align security decisions with business goals
- Manage key security, IT, and operational tooling vendors, ensuring value is extracted from existing investments and risks are well understood
- Own and manage the IT & Security budget, making explicit trade-offs and maximising return on spend
Requirements
Do you have experience in Leadership?, This role requires a senior leader who combines strong security and IT judgement with exceptional communication and influence. You should be comfortable operating in a fast-moving environment, making pragmatic decisions, and aligning diverse stakeholders around clear priorities and outcomes.
- Strategy: Ability to set and communicate a clear security and IT strategy aligned to business goals, translating risk, growth plans, and constraints into a prioritised roadmap over multiple horizons
- Leadership: Proven experience leading security and/or IT functions in a high-growth, technology-driven environment
- Judgement: A pragmatic, outcome-driven mindset with a strong sense of ownership and high business judgement
- Decision-making: Experience leading security and technology in a scaling, product-led environment, making clear risk-based trade-offs between speed, impact, and investment
- Expertise: Strong understanding of modern security challenges across cloud platforms, software and API security, identity, monitoring, and incident response
- Composure: Comfortable leading through incidents and ambiguity, with the judgement to act decisively when risk is high
- Influence: Able to influence engineering teams and senior stakeholders, driving decisions and trade-offs through trust, credibility, and shared outcomes rather than authority
- Communication: Exceptional communicator who can translate complex technical risk into clear, relevant decisions for executives, engineers, and non-technical teams, adapting depth and language to the audience
