Head of Information Security
London, England, United Kingdom
Applications have closed
Napier
Advanced Transaction Monitoring and Sanction Screening platform to combat evolving threats. Napier’s mission is to become the recognized leader in ‘Intelligent Compliance’ software for all regulated industries. We will achieve this through delivery of a best-in-class AML solution. Napier is currently Great Place To Work 2021 certified and has been ranked #15 Best Workplace in Tech (medium size organisations) 2021.
Napier is a holistic anti-money laundering (AML) compliance technology provider. Our products, trusted by the world’s leading data providers, transform AML and trade compliance from mandatory duty to competitive edge. We use deep industry knowledge and cutting-edge technologies such as artificial intelligence and machine learning to help businesses detect suspicious behaviours and fight financial crime.
Napier currently holds both ISO 27001 and SOC2 (Type 2) certifications and is looking for a new Head of Information Security both to maintain those certifications through annual audits and to enhance its overall Information Security posture. Napier offers on-prem and hosted AML software solutions to financial providers around the world, meaning that Information Security is a critical discipline for us and one that our customers see as critical.
The Head of Information Security is responsible for the overall Information Security posture at Napier. This goes from policy definition and audit through ensuring teams across the business implement appropriate technical and organisational measures to ensuring customers feel safe entrusting us with their customers’ data.
The role reports into an Exco member and manages a team of InfoSec specialists. Key relationships are with the Risk and Compliance, Internal IT and Platform (managed service) and Engineering teams.
Responsibilities
- Maintain and improve Napier’s Information Security Management System, Policies and Certifications
- Overall responsibility for Napier’s InfoSec policies and ISMS
- Seek to define, improve and refine Napier’s policies based on industry-practice and customer demands in the financial sector.
- Work with Head of Risk and Compliance in ensuring all aspects of the business understand and comply with policies
- Work with Heads-of-lines-of-business to understand how policies are implemented operationally
- Develop internal security awareness and training programs
- Lead Information Security function
- Lead InfoSec team to maintain high levels of morale and engagement
- Work closely with all areas of the business to ensure InfoSec requirements are met
- Identify, design and deliver a security program in line with business objectives
- Work with Internal IT on InfoSec-related controls (systems) deployment and monitoring
- Ensure audits are performed on existing systems
- Identify the need for additional IT controls to meet policies and work with IT on the implementation
- Maintain ISO27001 and SOC2 certifications
- Manage internal/external audits to identify opportunities for improvement
- Mature ISMS and develop existing policies and procedures
- Work with 3rd party who provides “friendly” quarterly audits
- Run the annual audit process for ISO27001 and SOC2, working with external bodies
- Represent the business to external bodies, customers and prospects
- Working with pre-sales and legal on the completion of RFPs and security questionnaires
- Where required, meet with customers to walk them through Napier’s policies and controls
- Liaise and advise with internal stakeholders to support the sales cycle
- Mature security incident response procedures
- Assess security incidents and manage response and forensics where required
- Develop, test and identify improvements to security incident responses
- Manage third-party SOC service (SIEM / Azure Sentinel)
- Investigate escalated alarms
- Improve service deliverables to enhance security posture
Requirements
- 5+ years information security experience, ideally some in a global organisation
- Experience of ISO27001 / SOC2 audits
- Identity and access management with an understanding of Zero Trust
- Experience with SIEM (Napier uses Microsoft Azure Sentinel) and vulnerability management
- Data Loss Prevention and best practices
- Microsoft Azure
- Understanding of Managed Service Provision + outsourcing requirements from customers (third party risk)
Benefits
- Pension scheme
- Life insurance
- Group income protection
- Health cover
- Birthday leave
- Many more standard and non-standard benefits