Information Security Director

Do you want to build and lead a high-performing product team in a rapidly-scaling fintech in the embedded payments space? Are you curious, always looking for a better way of doing things and motivated by collaborating cross-functionally to deliver outstanding results? If so, we would love to hear from you!

About Us

At Modulr, our vision is a world where all businesses are powered by embedded payments. Modulr enables thousands of businesses, from SMEs to Enterprises, across the UK and Europe to efficiently pay-in, collect and disburse funds instantly via a range of payment methods, accounts, and card products. We’ve created an industry-leading platform with comprehensive online tools and API access, to meet the demands of daily business payments.

The Role

The Director of Infosecurity is a crucial leadership role responsible for establishing and maintaining a robust information security program within the Modulr financial services environment. This individual will be instrumental in protecting the organization’s sensitive data, systems, and infrastructure from cyber threats while ensuring compliance with global regulations and industry standards.

• Key responsibilities
• Leadership and Strategy:

• Develop and implement a comprehensive information security strategy aligned with business objectives and UK regulatory requirements.
• Provide leadership and direction to the information security team.
• Stay abreast of industry best practices, emerging threats, and regulatory changes, specifically those relevant to the UK financial sector.

• Conduct regular risk assessments to identify and evaluate potential security threats, taking into account the specific risks faced by UK financial institutions.
• Develop and implement risk mitigation strategies to address identified vulnerabilities.
• Oversee incident response planning and execution, ensuring alignment with UK regulations and reporting requirements.

• Design and implement security architecture to protect critical assets, including on-premise and cloud-based systems (with a focus on AWS).
• Manage security technologies such as firewalls, intrusion detection systems, data loss prevention tools, and cloud security posture management (CSPM) solutions for AWS.
• Oversee security operations, including monitoring, incident response, and vulnerability management, with a focus on UK-specific threats and regulations.

• Develop and maintain information security policies, standards, and procedures in accordance with UK laws and regulations (GDPR, Data Protection Act 2018, FCA regulations).
• Ensure compliance with relevant industry standards (PCI DSS, ISO 27001) and UK-specific guidelines.
• Conduct security awareness training for employees, tailored to the UK financial services context.

• Assess and manage security risks associated with third-party vendors and service providers, ensuring compliance with UK data protection and outsourcing regulations.
• Ensure vendors comply with security requirements and contractual obligations, with particular attention to data residency and cross-border data transfer regulations.

• Develop and implement security controls and best practices for AWS cloud environments.
• Utilize AWS security services (Security Hub, GuardDuty, Config) to monitor and manage the organization’s security posture in AWS.
• Ensure compliance with AWS Well-Architected Framework security principles.

• Collaborate with other departments to integrate security into business processes, considering the specific requirements of the UK financial services industry.
• Report on security posture and key performance indicators to senior management, including UK-specific metrics and regulatory compliance updates.

The Ideal Candidate

• Substantial experience in information security including leadership experience.
• Proven track record of building and managing successful information security programs in compliance with financial regulations.
• Strong understanding of security frameworks, standards, and best practices.
• Extensive experience with cloud security and managing security posture in cloud environments.
• Strong analytical and problem-solving abilities.
• Deep understanding of security technologies and architecture, including cloud security and AWS-specific services.
• Knowledge of risk assessment methodologies and incident response procedures, tailored to the UK financial services context.
• Ability to develop and implement security policies and procedures in line with UK regulations.
• Experience with third-party risk management, with an understanding of UK-specific outsourcing and data protection requirements.

What can Modulr offer you

• You’ll be part of a cross-disciplinary team(s), with co-workers located in London, Edinburgh, Amsterdam and/or Mumbai.
• 33 days holiday (including bank holidays) + your birthday off - choose which days you take off to relax and/or spend time with loved ones.
• Learning Opportunities - on joining Modulr you will embark on our onboarding programme, called ModStart, to be equipped with the Modulr know-how and arm you with the tools you need to be successful from day 1!
• Great workspace - Modulr thrives on innovation which is best done through in-person collaboration.
• Bike to work scheme.
• ModInclusion - we actively encourage applications from anyone and everyone.