Founding role

Head of Security (Founding)

Panamorphix · Southampton / Hybrid · Post-seed · Founding team

Build Panamorphix's security function from zero and make the platform deployable inside environments that will verify everything before they buy.

On-premises only · Air-gap compatible · Regulated-sector buyers · First security hire

Status

This role is not open yet. Hiring starts when pre-seed closes, but the conversation starts now.

Contact

mark.nicoll@panamorphix.com

No CV required at this stage. Say where you have worked and what you have built.

The role

Panamorphix is building CongregationDB — deterministic-first context graph infrastructure that provides a provable truth layer for enterprise AI decision systems. Our deployment model is on-premises only. Our customers are regulated financial institutions, reinsurance groups, healthcare organisations and government bodies. Our architecture is air-gap compatible by design.

Security is not a compliance checkbox at Panamorphix. It is a core product property and a primary commercial enabler. Enterprise customers in our target sectors will not deploy infrastructure they cannot independently verify is secure. This role exists to make that verification possible — and to ensure that everything we build, ship and deploy meets the standard our customers require before they ask.

This is a founding role. You will be the first security hire. You will build the function from zero, own it entirely, and shape the next three security hires that follow immediately post-seed.

What you will own

Deployment security

CongDB is Rust-based, on-premises, and air-gap compatible. CongSynth — our context synthesis layer — prepares and enriches legacy enterprise data for ingestion into the truth architecture. You will own the security of the full stack: deployment pipeline, runtime environment, and the infrastructure patterns we recommend to customers. This means being deeply familiar with what we have built, not auditing it from a distance.

InfoSec questionnaire pack

Every enterprise customer in our target sectors runs a security due diligence process before deployment. You will build and own the questionnaire response pack — the document set that answers those questions completely and credibly without requiring a founder to translate technical reality into compliance language. This pack is a commercial asset. It will be used in every sales process.

Pen test programme

You will select, brief and manage external pen testing partners. You will own the remediation process and maintain the test history. For customers operating in regulated environments, an up-to-date pen test report is a procurement requirement — you will ensure we always have one.

Security policy and documentation

We have none yet. You will build it — internal security policies, incident response framework, access control documentation, supplier security standards. Built to the standard required for ISO 27001 readiness, which is a medium-term target.

The environment

The founder is actively building. CongDB alpha is running against canary data from five mid-cap private equity portfolio companies. CongSynth — the context synthesis engine — is in active development alongside the deterministic lane. This is not a concept. It is a system in motion.

The deployment model is on-premises only. No SaaS, no multi-tenant cloud. Every deployment is a sovereign instance inside a customer's controlled infrastructure. The security model is fundamentally different from a cloud-native product — there is no shared responsibility model, no cloud provider security layer to lean on. You need to be comfortable in this environment and to have worked in it before.

Target sectors are reinsurance, insurance, private equity, banking, healthcare, and government. Each brings its own regulatory and procurement security requirements — BMA, FCA, PRA, NHS DSPT, NCSC Cyber Essentials, and security classification frameworks at the more sensitive end. You do not need deep expertise in all of them, but you need to understand what each one means for a deployment architecture and a due diligence process.

Who you are

You have worked in security inside or alongside regulated financial services, government, defence, or healthcare infrastructure. You understand what it means to deploy software into an air-gapped or highly restricted environment. You have built or significantly contributed to a security function rather than just operated within one. You are comfortable being the most senior security voice in a room and making calls without a committee.

You are not looking for a Head of Security role at a scaled company with an existing team and a mature programme. You are looking for the role where you build the programme — and where the decisions you make in the first twelve months define the security posture of a company that will operate inside some of the most sensitive data environments in the market.

Compensation

This role opens when pre-seed funding closes. The founding team joins on EMI options at pre-seed valuation. For a Head of Security hire at this stage that is the material part of the compensation — you are not taking a job, you are taking a position in a company at the point where it is cheapest to do so.

Base salary will be competitive for a senior security hire at a well-funded early-stage company. We will not ask you to take a significant cash compromise in exchange for equity — both need to work.

If this is the right role

This role is not open yet — it opens when pre-seed closes. If you are the right person and the timing works, we want to have the conversation now so that when we move, we move quickly.

No CV required at this stage. Tell us where you have worked and what you have built.