Information Security Assurance Manager

Our vision is a world where all businesses are powered by embedded payments. Modulr enables businesses, from SMEs to Enterprise, to grow their revenue, drive efficiencies and deliver fantastic customer experiences, by embedding payments into their products and operating systems. We do this by providing products and services which allow our clients to efficiently collect, reconcile and disburse funds instantly via a range of payment schemes, accounts, and card products, fully controllable via API.

What You'll Do

• Lead and complete information security assurance activities in support of internal audits, external audits, certifications, and regulatory reviews.
• Act as the primary information security point of contact for internal audit, external auditors, and regulators.
• Plan information security audit scope, timelines, and evidence requirements in collaboration with governance and delivery teams.
• Coordinate and run information security control walkthroughs, interviews, and technical deep dives with engineering, platform, and operations teams.
• Review, validate, and challenge information security control evidence to ensure it is accurate, complete, and auditable.
• Independently assess the design and operating effectiveness of information security controls against governance owned policies, standards, and regulatory expectations.
• Produce clear and information security assurance findings and audit reports for technical, executive, and regulatory audiences.
• Identify and communicate information security control observations and assurance outcomes to the security governance to inform governance led risk assessment and decision making.
• Track information security audit findings through to closure, validating remediation implementation without owning delivery.
• Identify recurring or systemic information security control observations and elevate them through agreed governance forums.
• Act as a pragmatic but independent assurance partner, ensuring information security assurance activity enables compliant, well controlled delivery.

Who You Are

• Significant experience in information security assurance, audit, or second line security roles within a regulated environment.
• Proven experience leading internal and external information security audits end to end, including direct interaction with auditors and regulators.
• Strong understanding of information security control design and operating effectiveness, particularly across cloud, SaaS, identity, and modern application environments.
• Experience assessing security controls against regulatory requirements and recognised frameworks such as PCI-DSS, ISO 27001, SOC 2, or equivalent.
• Ability to critically assess audit evidence, identify gaps or weaknesses, and challenge findings constructively using facts and documentation.
• Clear understanding of the separation between assurance, governance, and delivery, and the discipline to maintain independence.
• Strong written and verbal communication skills, with the ability to explain assurance findings clearly to both technical teams and senior stakeholders.
• Confidence operating autonomously, managing multiple audits or assurance activities in parallel without loss of quality.

Nice to haves

• Experience working in fintech, financial services, or similarly regulated environments.
• Direct experience supporting regulatory reviews, supervisory visits, or thematic inspections.
• Prior exposure to internal audit functions or working as a second line assurance partner to internal audit.
• Familiarity with multiple security and risk frameworks and how auditors interpret them in practice.
• Experience pushing back on auditors with evidence while maintaining constructive relationships.
• Professional certifications in information security, assurance, or audit (e.g. CISM, CISSP, CISA), without being framework driven.
• Experience operating in fast moving technology environments where assurance must be risk based and pragmatic, not checkbox led.

What We Offer You

• Share Options – We offer a Company Share Option Plan (CSOP), giving you the opportunity to benefit from any increase in share value in the event of a sale, merger, or flotation.
• Bonus – Our annual discretionary bonus, paid in May for the previous year, is based on both company and individual performance.
• Flexible benefits – £1000 to spend on benefits to suit you, including private medical insurance, gym membership, dental etc.
• Wellbeing app – confidential, on-demand access to therapy, coaching, counselling, management training or mindfulness sessions with accredited professionals, with company-funded hours and top-up options available.
• Holidays – 33 days annual leave (including bank holidays) plus your birthday off.
• Learning opportunities – Our two-day onboarding program, ModStart, helps equip you for success. Learning doesn’t stop there; we’ll continue to support your development through various channels.
• Company-Wide Events – Participate in collaborative and engaging events with colleagues across the business.
• Bike to work / E-bike scheme.

At Modulr, we’re committed to building a diverse, equitable and inclusive culture where everyone feels they belong and can bring their whole self to work. We welcome applications from candidates of all backgrounds as we believe it’s the right thing for our people, our business, and the community we operate in.