Director of Information Security

**Director of Information Security**

**Based: London or hybrid/home working**

**Salary: to c£90,000 + benefits**

One of the fastest growing fintech companies with a mission to democratise investments and payments for people and companies worldwide. They have more than 3 million customers in over 150 countries and continue to grow fast. Their systems enable people tobuy, exchange and send more than 100 cryptocurrencies, precious metals, equities, and currencies instantly. An engineering-led company, they offer a stimulating and challenging home for the brightest and best tech-talent.

They are hiring a Director of Information Security in Governance, Risk and Compliance to join their Information Security team. This is an incredibly exciting opportunity to help assess Information Security risks and guide and support the design of securityand privacy controls within the context of global regulatory frameworks. The position will also help manage these risks and compile these controls in supporting documentation and explain them to internal and external stakeholders. This role requires a mixof broad business and technical know-how along with a strong ability to communicate with members of the team and their cross functional partners.

**Responsibilities**:

- Drive, guide, and facilitate the implementation and remediation of technical security controls required by the Federal Trade Commission, Sarbanes-Oxley, ISO27001, SOC2, Payment Card Industry Data Security Standard (PCI DSS), regulations governing personallyidentifiable information (PII), other applicable regulatory compliance frameworks.
- Drive the development, implementation, and mapping of security controls to standard.
- Ensure requirements and controls are correctly identified, mapped, tracked, and reported.
- Develop and formalise the Internal Information Security and control assessment processes.
- Develop and maintain system security documentation, including drafting, reviewing, editing and recommending guidance.
- Develop system security authorisation documentation such as security plans, risk assessments, and security control test reports.
- Assist in the development and implementation of risk management activities across the business to ensure risks are identified and monitored.
- Understand technical implementation details necessary to assess security controls.
- Participate in the development and oversight of required corrective action plans relating to security compliance issues.
- Partner with team members to ensure successful security programs align with compliance and auditing requirements.

**Required Qualifications**:

- 7+ years of relevant experience.
- Strong degree level education preferred.
- Knowledge of industry authoritative sources such as ISO, PCI, SOC2, NIST, GDPR, CCPA and COBIT standards.
- Prior experience implementing ISO27001 and SOC2 frameworks.
- Ability to develop security standards and guidelines based on best practices and industry standards.
- Passion for Information Security Governance and Risk.
- Experience with analysing data to surface meaningful information.
- Experience with project management.
- Demonstrated leadership skills including the ability to identify and manage your own work and interface effectively with individuals across various levels to get that work done.

**A Bonus if you have**:

- Industry recognized security certifications strongly preferred (e.g. CISSP, CISA, CISM, CEH, etc.)
- Experience in the financial services sector.
- Knowledge of blockchain technology
- Experience auditing and working with cloud infrastructure.

Ref: DLO/DIS/MH