Information Security Manager
London, Cardiff, Remote in the UK
At Monzo we’re aiming to build the best bank in the world. We are always keen to hear from capable, creative people who want to help us accomplish that goal. We want our bank to be safe and secure for our customers, so security is very important to us.
Security at Monzo
We are looking for a proactive, technically-minded and organised Information Security Manager to join our Information Security team in the bank’s 1st line of defence which has the ownership, responsibility and accountability for directly assessing, controlling and managing risk. The team is part of Monzo’s Security team which has a wide range of responsibilities, from infrastructure security to application and information security. You will be working directly with the engineers who are building our Platform (rather than in a stand-alone compliance team), and you will have the opportunity to directly make a big impact on the way that the business keeps our information secure. As a bank, we are solving diverse, novel problems to ensure that our customers and their data are secure.
One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security.
As a member of our security team you will be responsible for constantly improving the security of Monzo. You will work closely with security engineers, as well as lots of teams across the company.
You'll be involved in a variety of work, all aimed at keeping our customer data secure and should expect to:
- Manage the end-to-end audit cycle, including answering requests and working with auditors to deliver internal cyber audits and PCI DSS assessments;
- Ensure that identified gaps from audit reports and assessments are delivered and embedded (as required) in change and continuous improvement processes;
- Work with Risk and Compliance and across the business to ensure that sufficient controls are in place to mitigate known security risks;
- Draft security policies, standards, guidelines and procedures and answer ad-hoc security governance queries;`
- Manage the third party risk management life-cycle, including pre and post-contract assessment of vendors;
- Work on the development and delivery of in-house Monzonaut security training programmes;
- Provide Information Security advice to stakeholders;
- Own and manage Information Security projects and initiatives;
- Work with Risk and Compliance to deliver management information for monthly security risk reporting to the Board and as required.
You should apply if:
- What we’re doing in the Security team excites you and you want to make a real difference to the way in which we deliver Information Security at Monzo;
- You're technically minded with the ability to think laterally and enjoy providing solutions to problems;
- You have experience managing multiple projects simultaneously, and are comfortable with regular context-switching;
- You’re comfortable reading and interpreting technical requirements, regulation and procedures;
- You love taking the initiative, prioritising and driving things forward, without being told what to do;
- You’re comfortable interacting with technical and non-technical stakeholders;
- You are an excellent communicator, both verbally and in writing;
- Ideally you have experience working in an Information Security team or you may have worked in a technical or compliance role and are interested in making a career in Information Security;
- You have CompTIA Security+, CISM, CISSP or are working towards one (or more) of these qualifications and are keen to develop your skills and experience further;
- You are familiar with ISO 27001 and ISO 27002.
- This role is at Level 4 of our progression framework, with a salary of £65k - £100k.
- We can sponsor Visas.
- This can be based in our new London office or remote.
- We support flexible working arrangements.
Equal Opportunity Statement
At Monzo, embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone.
We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.