Head of IT & Information Security

Salary not available. View on company website.

gohenry Ltd, City of Westminster

Full time
Permanent
Onsite working

Posted today, 20 Oct | Get your application in now to be one of the first to apply.

Closing date: Closing date not specified

job Ref: 4eb755e0b84f42a392a5d1ca808962f6

gohenry Ltd

Full Job Description

As GoHenry Head of IT & Information Security, you'll own all elements of GoHenry's global information security program and be accountable for the security and protection of all information entrusted to us by our customers, partners, and employees. Ultimately, you'll be responsible for creating an organisational culture where information security is ingrained into the fabric of GoHenry standard business operations. Reporting to the company Chief Product & Technology Officer, the Head of IT & Information Security will be responsible for proactively communicating to the executive team and board on the progress of the cyber security vision, strategy, roadmap and key performance indicators. This position will closely work with Acorns CISO and be accountable to both Acorns CISO and GoHenry CPTO. Responsibilities Leadership & Team Management

Lead, motivate, and manage a small team of IT & Security professionals
Set clear performance expectations, objectives, and goals for team members.
Conduct regular one-on-one meetings, performance reviews, and provide constructive feedback to the team.
Foster a positive and inclusive team culture, encouraging professional and personal development and growth.
Develop and implement a strategic security plan aligned with the organisation's goals and objectives.
Help manage the department budget
Design, develop and maintain an information security management system and supporting roadmap to align and scale with the company growth
Manage security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level
Implement and manage industry security standards including SOC 2 and be inline with ISO-27001, NIST800-53 as well as card payment industry standards (PCI-DSS)
Develop and extend security tooling and automation efforts across the company
Conduct comprehensive risk assessments to identify potential security threats and vulnerabilities.
Develop and implement risk mitigation strategies to protect the organisation's assets and reputation.
Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
Improve risk posture to support and inform business stances and security investments
Plan for and manage cyber incident response plans while minimising effect on the business
Develop and conduct regular security drills and training programs.
Educate the company about security threats and implement threat protection measures at a global level
Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the software development lifecycle
Manage relationships with external information security technology vendors and specialised information security professional services firms
Work closely with Acorns Team to ensure IT Operations are merging practices
Ensuring processes are as efficient as possible
Ensuring services provided are up to the agreed standard

At least 10 years experience in the information security space. We would love it if that had been spent with high growth Fintech companies
Expert experience with cloud security, platforms and services, including understanding of current security offerings from cloud service providers (ideally GCP) applied to microservice infrastructures
Experience in developing and embedding an information security management system
Experience in the evaluation, implementation and management of industry standard enterprise wide information security technologies and concepts, including but not limited to Network/Application/Cloud Security, Data Security, Threat and Vulnerability Management, runtime protection and Identity & Access Management
Clear understanding of relevant information security governance, technical and security standards and regulations
Hands on familiarity and experience implementing industry security standards like NIST 800-53, SOC-2, PCI-DSS, Digital Operational Resilience Act (DORA), Prudential Regulation Authority (PRA) and NIS-2 as well as current data privacy regulations, including GDPR and regional standards
Deep knowledge of networking and network security
Strong understanding and experience with Secure SDLC and DevSecOps or security automation
Ability to work under pressure across multiple stakeholders
Excellent written and communication skills and ability to communicate across all levels of an organisation.
Relevant certifications (e.g., CISM, CISMP, CISSP, CCNA, SSCP) are highly desirable.

GoHenry is a UK-based fintech company created by parents to pioneer financial education. More recently, GoHenry moved into Europe and the US by joining forces with French fintech company PixPay and US investing app, Acorns.

Flexible working
BUPA Private Medical or BUPA Cash Plan
25 days annual leave, plus public holidays
An additional day off on the week of your birthday
Flexible public holidays
Family friendly leave policies
Death In Service Benefit - X4 your annual salary
Mental Health Platform - OpenUp
Nursery/ Childcare Benefits
Cycle to work scheme
Gym Discounts
Training budget.
We ranked #38 in Newsweek's Top 100 Most Loved Workplaces in the UK in 2023
We're one of Tech Track's top 50 fastest-growing UK companies.
We won Finders Kid's Cards Customer Satisfaction Awards in 2022 and 2023.
We won the Tech for Good award at the Better Society Awards 2023
Our kids and parents have donated over £500,000 of their own money to NSPCC via their GoHenry accounts