Security Governance Lead

The Zonal group are one of the UK’s largest technology providers to the hospitality industry.

Our products are used by over 16,000 pubs, restaurants and hotels.  Customers include national brands like Pizza Express, JD Wetherspoons and All Bar One. 


We provide our customers with the solutions they need to make their business a success. 

These solutions include mobile apps for ordering and web apps for engaging with consumers either through loyalty or reservations. By linking these solutions to Zonal’s EPoS (till) system, we help hospitality brands to understand their customers’ behaviour and preferences, enabling them to excel in an increasingly competitive market. 


We’re looking for dynamic individuals who share our passion for driving innovation and using technology to build better businesses. We’re going on an exciting journey, and we need more like-minded travellers to help us get there! 

What you’ll do

You will work within Zonal’s Security team delivering support and vulnerability remediation within the wider R&D/Dev space. The main focus of the role is to deliver quality security engagements, offer sound advice and support technical areas with Security and GDPR.


This role is ideal for an experienced I.T. professional, possibly with exposure to Testing or Security disciplines, who combines technical delivery with a strong ability to translate technical issues into clear business-related impact. Ideally the individual will be working towards a network security qualification, Certified Ethical Hacker, CREST Certified Web Application Tester, CREST Certified Infrastructure Tester or equivalent (OSCP). Zonal are happy to support you on this journey.


We pride ourselves on our ability to engage the business and educate them; as such, the candidate must have a decent level of I.T. technical ability and share our passion for information security. The individual will be experienced in the delivery of security assurance, vulnerability management and/or security issues, combining their problem-solving abilities, the output from a range of tools and their own knowledge of networking and systems.


The individual will also have the ability to understand the consequence and relative importance of findings within the context of the system under test. They will be able to understand the broader threat environment and, using this knowledge, articulate findings and key risks clearly and concisely. The individual will be able to deliver key messages to different audiences, from technical development teams to senior non-technical management teams.


Passion for security is a key attribute; the team are security geeks and love what they do. We engage the business in CTFs, Red Team events and training. You will have the opportunity to attend conferences such as DEF CON.

Who you are


The role will lead our compliance and security vulnerabilities remediation with agreed customer SLAs, and drive business processes and compliance monitoring.


R&D Specific:

  • Collects and maintains an inventory of key applications, processes, and infrastructure items and their impact to compliance risks. Additionally, maps applications, processes, and infrastructure items to appropriate security risks.
  • Facilitates/performs activities to map key controls (policy, procedure, practice, or organizational structure) that if implemented would provide reasonable assurance that compliance objectives will be achieved and undesired events will be prevented or detected and corrected.
  • Facilitates & performs activities to review, develop and implement joint R&D/security and compliance plans, including training around Security issues.
  • Facilitates & performs activities to conduct technical R&D/security reviews and assessments of applications, processes and infrastructure, and to document them within a Data Privacy Impact Assessment (DPIA) (Post GDPR requirements).
  • Responsible for identifying key potential compliance risks early in the Product design process through early engagement with R&D teams, assessing the design effectiveness of proposed security/compliance controls, clearly communicating risk treatment recommendations and decisions. (Post GDPR requirements).
  • We would like you to be open to learning penetration testing at some point during your career with us.
  • We would like you to have a solid I.T. and/or Testing background.

What we value

Passion, Teamwork, Innovation and Professionalism are the values we believe make us the company we are. We’re looking for someone who understands great culture and will help us shape it as it evolves.

About Zonal

If you’ve booked a table or hotel room, ordered and paid for food and drinks, received loyalty offers, or downloaded your favourite hangout’s app, you will likely have used a Zonal product.

We are a family business with Scottish roots. We operate from our modern head office in Edinburgh, our Marketing Technologies Division in Staffordshire, our Innovation Centre in Abingdon and our hotel management solutions base in Cardiff.
