Information Security Governance Manager

Information Security Governance Manager
London
Full-time
In office 4 days/week

Who We Are

Our vision is a world where all businesses are powered by embedded payments. Modulr enables businesses from SMEs to Enterprise to grow their revenue drive efficiencies and deliver fantastic customer experiences by embedding payments into their products and operating systems. We do this by providing products and services which allow our clients to efficiently collect reconcile and disburse funds instantly via a range of payment schemes accounts and card products fully controllable via API.

Find out more about us on our website and careers site.

What Youll Do

• Own and operate the information security risk register ensuring risks are clearly articulated consistently assessed actively managed and accurately reflected in governance and executive reporting.
• Work with technology product and platform teams to identify assess and track information security risks providing constructive challenge where risk assessments or remediation plans are weak incomplete or misaligned with risk appetite.
• Ensure security incidents near misses and material control failures result in appropriate updates to risk posture governance reporting and follow-up actions rather than being treated as isolated operational issues.
• Own the lifecycle of information security policies and standards ensuring they remain relevant proportionate and aligned with how the organisation builds and operates technology.
• Operate and govern the policy exception process ensuring exceptions are risk assessed time bound and approved at the appropriate level with clear visibility of residual risk.
• Develop and maintain clear decision focused information security reporting for technical risk forums executive committees and board level audiences including content for the CTOs board pack.
• Define maintain and continuously improve security management information metrics and KPIs focusing on insight and decision support rather than volume or vanity measures.
• Translate complex or technical security issues into concise business focused risk narratives that support informed decision making by senior and non-technical stakeholders.
• Prepare and support governance forums including agenda setting paper authorship action tracking and follow up to ensure decisions are implemented and risks are actively managed.
• Evolve the organisations approach to information security governance and reporting as the business scales technology changes and regulatory expectations develop.
• Act as a trusted advisor on information security risk and governance matters partnering closely with security engineering functions while remaining independent from delivery ownership.
• Work closely with risk compliance legal and internal audit teams to ensure alignment consistency and effective use of governance effort.

Who You Are

What youll need

• Significant experience in an information security governance risk or assurance role within fintech financial services or a similarly regulated environment.
• Demonstrable ownership of an information security risk register including risk articulation assessment treatment tracking and senior management reporting.
• Experience owning information security policies and standards end to end including review approval exception handling and ongoing relevance.
• Regular exposure to executive committees and board level reporting with accountability for the quality clarity and narrative of content presented.
• Strong understanding of information security risk management principles and how they are applied in practice not just defined in frameworks.
• Ability to distinguish between theoretical perceived and material security risk and reflect that accurately in governance discussions and reporting.
• Confidence to challenge engineering and senior stakeholders constructively using evidence and risk-based reasoning rather than policy citation.
• Excellent written communication skills with the ability to translate technical security issues into clear business focused risk narratives.
• Strong judgement and prioritisation skills balancing regulatory expectations security risk and delivery realities.
• Ability to operate independently manage multiple governance cycles in parallel and take accountability for outcomes rather than activity.

Nice to haves

• Experience supporting regulatory interactions supervisory reviews or significant audit activity in a regulated environment.
• Professional certifications in information security risk or governance.
• Experience working in organisations undergoing rapid growth technology change or increasing regulatory scrutiny.
• Familiarity with modern cloud-based technology environments and contemporary software delivery practices from a governance perspective.
• Experience improving or evolving governance risk or reporting models rather than simply operating established processes.

What We Offer You

• Share Options We offer a Company Share Option Plan (CSOP) giving you the opportunity to benefit from any increase in share value in the event of a sale merger or flotation.
• Bonus Our annual discretionary bonus paid in May for the previous year is based on both company and individual performance.
• Flexible benefits - 1000 to spend on benefits to suit you including private medical insurance gym membership dental etc.
• Wellbeing app confidential on-demand access to therapy coaching counselling management training or mindfulness sessions with accredited professionals with company-funded hours and top-up options available.
• Holidays -33 days annual leave (including bank holidays) plus your birthday the UK Christmas Day Boxing Day and New Years Day are fixed holidays. You can choose the remaining days to suit your personal schedule.
• Learning opportunities- Our two-day onboarding program ModStart helps equip you for success. Learning doesnt stop there; well continue to support your development through various channels.
• Company-Wide Events- Participate in collaborative and engaging events with colleagues across the business.
• Bike to work / E-bike scheme

ModInclusion

At Modulr were committed to building a diverse equitable and inclusive culture where everyone feels they belong and can bring their whole self to work. We welcome applications from candidates of all backgrounds as we believe its the right thing for our people our business and the community we operate in.

By submitting your CV you consent to us using your personal data to assess your application contact you or share your CV with relevant hiring managers. You can request removal of your data at any time by emailing - though this will withdraw you from consideration for the role.