Head of Information Security

Napier’s mission is to become the recognized leader in ‘Intelligent Compliance’ software for all regulated industries. We will achieve this through delivery of a best in class AML solution. Napier is currently Great Place To Work 2021 certified and has been ranked #15 Best Workplace in Tech (medium size organisations) 2021.

Napier is a holistic anti-money laundering (AML) compliance technology provider. Our products, trusted by the world’s leading data providers, transforms AML and trade compliance from mandatory duty to competitive edge. We use deep industry knowledge and cutting-edge technologies such as artificial intelligence and machine learning to help businesses detect suspicious behaviours and fight financial crime.

Napier currently holds both ISO 27001 and SOC2 (Type 2) certifications and is looking for a new Head of Information Security to both maintain those certifications through annual audits as well as enhance its overall Information Security posture. Napier offers on-prem and hosted AML software solutions to financial providers around the world meaning that Information Security is a critical discipline for us and one that our customers see as critical.

The Head of Information Security is responsible for the overall Information Security posture at Napier. This goes from policy definition and audit through ensuring teams across the business implement appropriate technical and organisational measures to ensuring customers feel safe entrusting us with their customers’ data.

The role reports into an Exco members and manages a team of InfoSec specialists. Key relationships are with the Risk and Compliance, Internal IT and Platform (managed service) and Engineering teams.

Responsibilities

• Maintain and improve Napier’s Information Security Management System, Policies and Certifications
  • Overall responsibility for Napier’s InfoSec policies and ISMS
  • Seek to define, improve and refine Napier’s policies based on industry-practice and customer demands in the financial sector.
  • Work with Head of Risk and Compliance in ensuring all aspects of the business understand and comply with policies
  • Work with Heads-of-lines-of-business to understand how policies are implemented operationally
  • Develop internal security awareness and training programs
• Lead Information Security function
  • Lead InfoSec team to maintain high levels of morale and engagement
  • Work closely with all areas of the business to ensure InfoSec requirements are met
  • Identify design and deliver a security program in line with business objectives
• Work with Internal IT on InfoSec-related controls (systems) deployment and monitoring
  • Ensure audits are performed on existing systems
  • Identify the need for additional IT controls to meet policies and work with IT on the implementation
• Maintain ISO27001 and SOC2 certifications
  • Manage internal/external audits to identify opportunities for improvement
  • Mature ISMS and develop existing policies and procedures
  • Work with 3rd party who provides “friendly” 1/4ly audits
  • Run the annual audit process for ISO27001 and SOC2, working with external bodies
• Represent the business to external bodies, customers and prospects
  • Working with pre-sales and legal on the completion of RFP's and security questionnaires
  • Where required, meet with customers to walk them through Napier’s policies and controls
  • Liaise and advise with internal stakeholders to support the sales cycle
• Mature security incident response procedures
  • Assess security incidents and manage response and forensics where required
  • Develop, test and identify improvements to security incident responses
• Manage third-party SOC service (SEIM / Azure Sentinel)
  • Investigate escalated alarms
  • Improve service deliverables to enhance security posture

Requirements

• 5+ years information security experience, ideally some in a global organisation
• Experience of ISO27001 / SOC2 audits
• Identity and access management with an understanding of Zero Trust
• Experience with SIEM (Napier uses Microsoft Azure Sentinel) and vulnerability management
• Data Loss Prevention and best practices
• Microsoft Azure
• Understanding of Manged Service Provision + outsourcing requirements from customers (third party risk)

Benefits

• Pension scheme
• Life insurance
• Group income protection
• Health cover
• Birthday leave
• Many more standard and non-standard benefits