Skip to main content

IT Security Lead

IT Operations Full Time London

About us

We’re a bunch of techies, creatives and friendly finance folk, who’ve run our own businesses and side gigs – and helped others do the same. So we’ve come together, with Santander’s backing, to shake things up.

What if doing expenses from paper receipts was as simple as snapping a selfie? And you could get a clear view of your finances with a simple heads-up?

We’re here to save you time. Cut headaches. Smooth hassles. To make repetitive admin, endless paperwork, and tedious typing into spreadsheets, a thing of the past.

So we’ve created a place – for quick answers and inspiration. Business owner to business owner. A growing resource from people who go through the same as you.

And we’re making an app – your pocket business helper. Always on hand to make working life simpler.

The Role

Lead for information security defining the IT security architecture and standards, ensuring that all security components are integrated into the overall technology architecture and roadmaps, evaluating the security implications and provide design review and approval for new products and services.

Key Responsibilities

Specifically this role will focus on the following themes:

  • Act as the Security champion across the organisation, providing a focal point for governance and leadership
  • Provide security metrics and KPIs to the Leadership Team on a regular basis
  • Ensure that security is input into operational risk, compliance and regulatory functions
  • Input into, implement and manage the IT Security strategy, roadmap and programme
  • Own and manage the development of the Information Security Management System to define, develop, socialise, agree and publish global IT security policies and standards to protect the business from security threats
  • Provide security assessment of 3rd party suppliers from a technical and risk standpoint
  • Design and develop enterprise security architecture through people, process and technologies
  • Liaise with the Product Design and Engineering teams to provide security design review and approval for new services and products in line with agreed standards and policies
  • Develop major incident response capability through and outsourced SOC.

Experience

  • Advanced experience in IT security, threats and control strategies to cope with them, particularly within a mobile and cloud-based environment
  • Experience of Risk Assessments and Risk Management projects utilising recognised frameworks
  • Demonstrable experience of leading the design and development of a security programme or security maturity roadmap against a recognised frame-work (NIST, 27001, CIS20)
  • Experience of integrating legal and regulatory requirements into the solution ecosystem, e.g. GDPR

Personal Skills

  • Ability to determine security requirements by evaluating business strategies, and making credible recommendations that are both technically safe but also commercially minded and that won’t damage the customer experience
  • You are able to articulate highly technical problems to non-technical stakeholders and talk to their customer driven objectives

Qualifications

  • CISSP/CISM
  • ISO27001 Lead Implementer
  • TOGAF/SABSA