Chief Information Security Officer

Holborn, England, United Kingdom

Applications have closed

Vitesse PSP

The Treasury & Payment provider of choice for the insurance market. Accelerate your claim payments. Unleash your capital’s potential. We've built a future-proof financial infrastructure for Insurance to optimise and protect claim funds and...


The Chief Information Security Officer (CISO) will play a pivotal role in shaping and executing our information security strategy. Reporting directly to the Director, Technical Operations and with specific audit reporting lines to the board of Executives and the Risk Committee, you will lead a dedicated team of security professionals and work closely with various stakeholders to ensure the confidentiality, integrity, and availability of our information and technology systems. You will be responsible for establishing and maintaining a robust cybersecurity framework, staying ahead of emerging threats, and fostering a culture of security awareness throughout the organization. You will spend 50% of your time focused on our UK and Europe operations and 50% of your time focused on our U.S. operations.

Requirements

Governance: Risk / Compliance / Assurance:

  • Strategic Leadership: Develop, implement, and oversee the company's information security strategy, aligning it with business goals and industry best practices.
  • Policies & Standards: Own and develop security policy and associated standards.
  • Risk Management: Identify, assess, and prioritize information security risks, and establish mitigation plans to safeguard critical assets.
  • Security Architecture: Design and maintain a secure technology infrastructure, including networks, systems, applications, and cloud services.
  • Compliance: Ensure compliance with relevant regulations, standards, and frameworks, such as GDPR, ISO 27001, New York Department of Financial Services cybersecurity requirements, etc.
  • Incident Response: Develop and implement an effective incident response plan to manage and mitigate cybersecurity incidents and breaches.
  • Security Awareness: Educate and train employees at all levels to promote a security-conscious culture and empower them to recognize and respond to security threats.
  • Vendor Management: Evaluate third-party vendors and partners for security risks and enforce appropriate security controls.
  • Due Diligence: Assist with security-related due diligence activities.
  • Security Testing: Coordinate regular security assessments, penetration testing, and vulnerability assessments in co-operation with the Risk and Compliance Assurance (RCA) function to identify and address weaknesses in the environment.
  • Advice: Act as security advisor to other areas of the business.
  • Audits and Accreditation: Co-ordinate and assist with third-party testing, audits and accreditations (e.g. penetration testing, ISO 27001 accreditation).
  • Collaboration: Work collaboratively with IT, legal, compliance, and other teams to ensure a holistic approach to information security.
  • Reporting: Provide regular reports to executive leadership and the board of directors on the state of information security including all current security metrics, potential risks, and ongoing initiatives.

Sec Ops:

  • Monitoring: Receive alerts around security events and act on them, including false positives, escalation and reporting.
  • Security incident lead: Help to resolve security incidents and provide a practical response where necessary.



What do you need to succeed?

  • Proven progressive experience in information security, including leadership roles.
  • Industry-recognized certifications such as CISSP, CISM, CISA, or other relevant certifications are highly desirable.
  • Strong understanding of cybersecurity technologies, practices, and trends, including network security, encryption, identity and access management, intrusion detection/prevention systems, etc.
  • Excellent communication and interpersonal skills, with the ability to articulate complex technical concepts to non-technical stakeholders.
  • Proven experience in leading and managing a team of security professionals.
  • Demonstrated ability to think strategically and translate security requirements into business objectives.
  • Familiarity with financial industry regulations and compliance requirements is a plus.
  • Strong communication and interpersonal skills, capable of effectively conveying complex regulatory information to both technical and non-technical audiences.
  • Detail-oriented mindset with the ability to manage multiple tasks simultaneously and prioritize effectively.
  • Sound judgment and decision-making abilities, especially in high-pressure situations requiring quick and accurate assessments.
  • Ability to work collaboratively with cross-functional teams and regulatory authorities.
  • High ethical standards and a commitment to maintaining confidentiality.

Benefits


  • 25 days Holiday per year + Bank Holidays 
  • Hybrid working arrangements. 
  • Contributory pension scheme 
  • Enhanced Parental leave.  
  • Cycle to Work Scheme 
  • Private Medical Insurance through Vitality 
  • Access to Oliva, our Mental Health Therapy partners
  • Discounted Gym membership  
  • Financial Coaching with Octopus Wealth 
  • 2 days of volunteering leave per year 
  • Sabbatical after 5 years’ service  
  • Ongoing Learning and Development to support you in reaching your career goals.

We understand that everyone has their own work rhythm, and we believe in a flexible working schedule that supports a healthy work/life balance. We offer a hybrid work approach with 2/3 days in the office.


About us

We are Vitesse – the treasury & payment provider of choice for the insurance market.

Formed in 2014 by a team of proven FinTech entrepreneurs, we are an FCA regulated payments business that is driven to be the payment partner of choice for the insurance market, by providing global payment services and treasury optimisation. Operating one of the largest domestic banking and payment settlement networks in the world, we give our customers direct access to more than 170 countries and territories, covering over 110 currencies. Through a single integration, insurers can use this network to pay claims in as little as 45 seconds, delivering a better customer experience to their claimants. Our market-leading treasury optimisation service brings complete control and transparency to insurers and allows them to have their money in the right place, at the right time, to make that all-important payment - fast, and when their customers need it most.

With now over 150 employees across Europe and our London headquarters, $26m series B funding in 2022 in the bag and approaching £8bn in processed transactions, we are only just getting started. 

Partnering with some of the biggest insurance leaders including Lloyd’s of London and Many Pets, we take huge pride in our company culture, ensuring that everyone has a part to play, an opportunity to be heard, be involved, and the ability to make a real difference. 

As we continue to scale up, we want like-minded humans to join us on this exciting journey. 

Are you ready?



WE ARE AN EQUAL OPPORTUNITY EMPLOYER

We are committed to creating an inclusive environment that enables everyone to perform at their best, where we recognise the rights of all individuals to mutual respect and where there is an unbiased acceptance of others. Our policies and practices aim to promote an environment that is free from all forms of unfair discrimination and values the diversity of all people. At the heart of our policy, we seek to treat people fairly and with dignity and respect.




Tags: Audits Banking CISA CISM CISSP Cloud Compliance Encryption FinTech GDPR Governance IAM Incident response Intrusion detection ISO 27001 Monitoring Network security Pentesting Risk management Security assessment Security strategy Strategy Vendor management

Perks/benefits: Career development Fitness / gym Flex hours Flex vacation Health care Medical leave Parental leave Team events Transparency

Region: Europe
Country: United Kingdom
Category: Leadership Jobs
