Head of Information & Cyber Security

Reporting to: General Counsel

Location: Scale Space Building, 58 Wood Lane, London W12 7RZ.

We’ve been pioneering embedded finance since 2007 and over the years, we’ve worked in partnership with banks, SaaS providers, payment processors, checkout providers, and even the UK government – providing all they need to offer easy and frictionless revenue-based finance solutions to their SME customers through our API-powered funding platform.

We are in a very exciting period of growth, both within the UK and internationally, with teams based in London, Nottingham, USA and Scandinavia. As we continue to grow we are looking for talented and ambitious individuals to join us to reshape business finance.

We are proud to have been included in The Sunday Times Hiscox Tech Track 100 as one of the 100 fastest growing FinTechs in the UK for two years running.

Who are we?

Our company goal is to close the $5tn funding gap for small businesses, and to do that, security needs to be a first-class citizen in our development and operational practices. We are a fast-moving business and need to shift security 'left' in our processes to help us quickly respond to new product, geographical, regulatory and operational challenges that may arise.

Who are you? 

The Head of Information & Cyber Security will be responsible for overseeing a range of technical and process security controls and leading a programme of continuous improvement in response to changing security threats and risk. The role requires a thorough understanding of the technologies that underpin our systems and a broad, up-to-date knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, secure development techniques and approaches, Cyber Security engineering and operations, and the management and governance of Cyber risk and Cyber Security.

You will be managing a small team initially and you will be comfortable in a hands-on capacity, coaching and mentoring the team as well as leading the way. You will have a solid Cyber Security background. You will be used to “doing” as well as delegating, and will have been instrumental in building an information security function.

This role requires you to be capable of viewing the risks of the business through a security lens, providing expert support and advice. This requires a collaborative approach providing guidance as required and supporting new business development and partner onboarding as well as providing comfort around our robust information security infrastructure to these strategic partners.

You’ll be comfortable with ISO27001, PCI-DSS and NIST CSF, and be driven to find suitable frameworks to ensure the business operates to the highest level of security compliance. You will have experience of managing and advising senior/leadership teams on the security roadmap for the business and be comfortable in both leading your own team as well as influencing others to achieve our high standards. You will ensure that the information security team’s goals are aligned with the wider business strategy and be highly aware of the standards of security expected from our strategic partners, which include regulated financial institutions.

Responsibilities

  • Define, develop and maintain a business-aligned Information and Cyber Security strategy and operating model
  • Ensure ongoing compliance with ISO 27001 and PCI-DSS
  • Define and embed an Information Security Policy Framework and accompanying processes, in line with relevant legislation and industry standards (ISMS)
  • Provide advice and direction to the Executive and Senior Leadership Team in the integration of security practices into their strategic and operational processes
  • Establish and maintain clear and measurable Information and Cyber Security strategic plans, budgets and targets as well as robust and fit-for-purpose operational procedure service improvements and ensure that all elements of the service represent the best value for money
  • Work closely with internal stakeholders and business units to keep abreast of planned changes to technologies, working practices and business activities that could have an impact on our Security or risk profile
  • Define active monitoring for cyber threats and attacks and take proactive and reactive action in response to any cyber incident (e.g. a new vulnerability identified that requires urgent patching)
  • Ensuring the security posture of the business meets the needs of our customers and partners. Build a proactive approach to security, developing reusable documentation and assets that lead the way in demonstrating our approach to security.
  • Working alongside the Legal and Compliance teams on our Privacy and Compliance Hub to ensure effective standards for data security, GDPR, compliance, etc.
  • Working with our clients to ensure compliance against agreed standards, policies, processes and functionality
  • You’ll be an integral part of the team which determines which tools to use, how to implement them and how the outputs of those tools should be consumed
  • You’ll ensure that devices and services are monitored from a security/Infosec standpoint
  • You’ll work closely with 3rd party services to ensure our infrastructure is managed to service levels and compliance standards.

We think you'll need

    • Significant experience of ISO27001 standards – both the ISMS itself and how to practically apply those standards across the business effectively as well as PCI-DSS
    • Experience in security controls within infrastructure/services through Microsoft/Azure
    • Experience securing web applications in a cloud environment
    • Experience of working with SaaS technologies and experience managing information security risks in a public cloud environment like Microsoft Azure
    • Experience in creating Infosec strategies to support the business throughout its growth, including strategy justification, board approval and roll-out of improvement programmes
    • Experience working in an IT/Infosec leadership role, preferably within a high growth technology driven environment
    • Exceptional project, change management and time management skills
    • Experience working alongside Legal and Compliance to manage Infosec, GDPR and DORA risks across the business and presenting these risks to the Executive Leadership Team.
    • Experience of internal/external audits, for both ISMS, corporate and external facing infrastructure and policy compliance
    • A strong grasp of data security.

It would be advantageous if you have:

  • A Professional qualification such as CISM / CISSP
  • ISO 27001 Lead Implementer/Auditor certification
  • A broad knowledge of IT systems, processes and the challenges of B2B environments

What happens next?

A lot of businesses talk about the importance of diversity and inclusion. At Liberis, we want to make sure that we’re genuinely fostering a highly inclusive culture that not only welcomes diversity, but celebrates it. Our commitment is not just surface level. We’re on a mission to create a safe space where everyone and anyone, regardless of their background, can thrive.

It’s not just the right thing to do. We also recognise that diverse teams perform better because we have so much to learn from one another. We think that’s pretty cool, and if you do too, then you’re in the right place.

We have a hive of activity happening around the business to make sure we’re always pushing for more. Everyone is encouraged to get involved to help us to continue to build an excellent culture at Liberis.  

Think this sounds like the right next move for you? If you’re not completely confident that you fit our exact criteria, get in touch! Humility is a wonderful thing and we are interested in hearing about what you can add to Liberis. You can reach us at [email protected] - we look forward to chatting with you! 
