Information Security Director

Do you want to build and lead a high-performing product team in a rapidly-scaling fintech in the embedded payments space? Are you curious, always looking for a better way of doing things and motivated by collaborating cross-functionally to deliver outstanding results? If so, we would love to hear from you!

About Us

At Modulr, our vision is a world where all businesses are powered by embedded payments. Modulr enables thousands of businesses, from SMEs to Enterprises, across the UK and Europe to efficiently pay-in, collect and disburse funds instantly via a range of payment methods, accounts, and card products. We’ve created an industry-leading platform with comprehensive online tools and API access, to meet the demands of daily business payments. We are connected to an expanding network of accounting and payroll platforms, including Sage, Xero, BrightPay and IRIS. Our payments expertise and extensive product capability also enables us to build tailored solutions to solve complex payment problems for hundreds of clients in a range of industries, including Travel, Merchant Payments, Lending, Wage Advance and Investment & Wealth. We are deeply integrated into the payments ecosystem. In the UK, we are direct participants of Faster Payments and Bacs, and hold settlement accounts at the Bank of England. Our payment network connectivity includes CHAPS, Open Banking, SEPA and SWIFT. We are principal issuing members of Visa and Mastercard across the UK and Europe. Our regulatory permissions and governance structure underpin our business. We are regulated as an Electronic Money Institution (EMI) in the UK by the Financial Conduct Authority and in the Netherlands by De Nederlandsche Bank. Modulr now has over 400 employees globally across offices in London, Edinburgh, Amsterdam and Mumbai.

Modulr values:

• Build the extraordinary and go that extra mile.
• Own the opportunity: be passionate and proud of the time you invest.
• Move at pace: reach your goals faster with us supporting you each step of the way.
• Achieve it together: work as a team, collaborating with other Modulites.

The Role

The Director of Infosecurity is a crucial leadership role responsible for establishing and maintaining a robust information security program within the Modulr financial services environment. This individual will be instrumental in protecting the organization's sensitive data, systems, and infrastructure from cyber threats while ensuring compliance with global regulations and industry standards.

Key responsibilities

• Leadership and Strategy: Develop and implement a comprehensive information security strategy aligned with business objectives and UK regulatory requirements. Provide leadership and direction to the information security team. Stay abreast of industry best practices, emerging threats, and regulatory changes, specifically those relevant to the UK financial sector. Conduct regular risk assessments to identify and evaluate potential security threats, taking into account the specific risks faced by UK financial institutions. Develop and implement risk mitigation strategies to address identified vulnerabilities. Oversee incident response planning and execution, ensuring alignment with UK regulations and reporting requirements.
• Security Architecture and Operations: Design and implement security architecture to protect critical assets, including on-premise and cloud-based systems (with a focus on AWS). Manage security technologies such as firewalls, intrusion detection systems, data loss prevention tools, and cloud security posture management (CSPM) solutions for AWS. Oversee security operations, including monitoring, incident response, and vulnerability management, with a focus on UK-specific threats and regulations.
• Policy and Compliance: Develop and maintain information security policies, standards, and procedures in accordance with UK laws and regulations (e.g., GDPR, Data Protection Act 2018, FCA regulations). Ensure compliance with relevant industry standards (e.g., PCI DSS, ISO 27001) and UK-specific guidelines. Conduct security awareness training for employees, tailored to the UK financial services context.
• Third-Party Risk Management: Assess and manage security risks associated with third-party vendors and service providers, ensuring compliance with UK data protection and outsourcing regulations. Ensure vendors comply with security requirements and contractual obligations, with particular attention to data residency and cross-border data transfer regulations.
• Cloud Security (AWS): Develop and implement security controls and best practices for AWS cloud environments. Utilize AWS security services (e.g., Security Hub, GuardDuty, Config) to monitor and manage the organization's security posture in AWS. Ensure compliance with AWS Well-Architected Framework security principles.
• Collaboration and Communication: Collaborate with other departments to integrate security into business processes, considering the specific requirements of the UK financial services industry. Communicate effectively with stakeholders regarding security risks and mitigation efforts, tailoring communication to the UK audience. Report on security posture and key performance indicators to senior management, including UK-specific metrics and regulatory compliance updates.

The Ideal Candidate

• Substantial experience in information security including leadership experience.
• Proven track record of building and managing successful information security programs in compliance with financial regulations.
• Strong understanding of security frameworks, standards, and best practices.
• Extensive experience with cloud security and managing security posture in cloud environments.
• Strong analytical and problem-solving abilities.
• Deep understanding of security technologies and architecture, including cloud security and AWS-specific services.
• Knowledge of risk assessment methodologies and incident response procedures, tailored to the UK financial services context.
• Ability to develop and implement security policies and procedures in line with UK regulations.
• Experience with third-party risk management, with an understanding of UK-specific outsourcing and data protection requirements.

What can Modulr offer you

• You’ll be part of a cross-disciplinary team(s), with co-workers located in London, Edinburgh, Amsterdam and/or Mumbai.
• We are friendly and sociable, challenging but rewarding. We want you to push yourself and for us to support you in your future as we scale.
• Our culture and values put you first and are about investing in your future.
• Share Options Incentive Scheme
• Company Bonus - the more successful we are together, the more company bonus we offer.
• Benefits pot - £1000 towards a variety of benefits for you to choose (including healthcare, dental etc), Perkbox (freebies and discounts!), plus access to season ticket loans.
• 33 days holiday (including bank holidays) + your birthday off - choose which days you take off to relax and/or spend time with loved ones.
• Learning Opportunities – on joining Modulr you will embark on our onboarding programme, called ModStart, to be equipped with the Modulr know-how and arm you with the tools you need to be successful from day 1! But, we don’t want your learning to stop there so we will continue to provide you with the tools and capabilities through our learning channels, platforms and buddy allocation to allow you to grow and develop in Modulr.
• Modulr All hands - join your colleagues for our company-wide events throughout the year.
• Great workspace - Modulr thrives on innovation which is best done through in-person collaboration. This approach enables us to work together closely, exchange ideas, and create innovative solutions that drive our success. We ask our team members to be based in the office 4 or more days a week. We have state-of-the-art offices located in all four locations – London, Edinburgh, Amsterdam and Mumbai.
• Bike to work scheme
• ModInclusion - We believe that by seeing Modulr, and the world, from all sorts of angles, we can make life better for all. We want you to know that the things that make you, you — like your identity, age, ability, and background — are things that we will always celebrate and support with open arms. As such, we are keen to maximise the diversity of our workforce and actively encourage applications from anyone and everyone.