Information Security Governance Manager

Our vision is a world where all businesses are powered by embedded payments. Modulr enables businesses, from SMEs to Enterprise, to grow their revenue, drive efficiencies and deliver fantastic customer experiences, by embedding payments into their products and operating systems. We do this by providing products and services which allow our clients to efficiently collect, reconcile and disburse funds instantly via a range of payment schemes, accounts, and card products, fully controllable via API.

What You'll Do

• Own and operate the information security risk register, ensuring risks are clearly articulated, consistently assessed, actively managed, and accurately reflected in governance and executive reporting.
• Work with technology, product, and platform teams to identify, assess, and track information security risks, providing constructive challenge where risk assessments or remediation plans are weak, incomplete, or misaligned with risk appetite.
• Ensure security incidents, near misses, and material control failures result in appropriate updates to risk posture, governance reporting, and follow-up actions, rather than being treated as isolated operational issues.
• Own the lifecycle of information security policies and standards, ensuring they remain relevant, proportionate, and aligned with how the organisation builds and operates technology.
• Operate and govern the policy exception process, ensuring exceptions are risk assessed, time bound, and approved at the appropriate level, with clear visibility of residual risk.
• Develop and maintain clear, decision focused information security reporting for technical risk forums, executive committees, and board level audiences, including content for the CTO's board pack.
• Define, maintain, and continuously improve security management information, metrics, and KPIs, focusing on insight and decision support rather than volume or vanity measures.
• Translate complex or technical security issues into concise, business focused risk narratives that support informed decision making by senior and non-technical stakeholders.
• Prepare and support governance forums, including agenda setting, paper authorship, action tracking, and follow up to ensure decisions are implemented and risks are actively managed.
• Evolve the organisation's approach to information security governance and reporting as the business scales, technology changes, and regulatory expectations develop.
• Act as a trusted advisor on information security risk and governance matters, partnering closely with security engineering functions while remaining independent from delivery ownership.
• Work closely with risk, compliance, legal, and internal audit teams to ensure alignment, consistency, and effective use of governance effort.

Who You Are

What you'll need

• Significant experience in an information security governance, risk, or assurance role within fintech, financial services, or a similarly regulated environment.
• Demonstrable ownership of an information security risk register, including risk articulation, assessment, treatment tracking, and senior management reporting.
• Experience owning information security policies and standards end to end, including review, approval, exception handling, and ongoing relevance.
• Regular exposure to executive committees and board level reporting, with accountability for the quality, clarity, and narrative of content presented.
• Strong understanding of information security risk management principles and how they are applied in practice, not just defined in frameworks.
• Ability to distinguish between theoretical, perceived, and material security risk, and reflect that accurately in governance discussions and reporting.
• Confidence to challenge engineering and senior stakeholders constructively, using evidence and risk-based reasoning rather than policy citation.
• Excellent written communication skills, with the ability to translate technical security issues into clear, business focused risk narratives.
• Strong judgement and prioritisation skills, balancing regulatory expectations, security risk, and delivery realities.
• Ability to operate independently, manage multiple governance cycles in parallel, and take accountability for outcomes rather than activity.

Nice to haves

• Experience supporting regulatory interactions, supervisory reviews, or significant audit activity in a regulated environment.
• Professional certifications in information security, risk, or governance.
• Experience working in organisations undergoing rapid growth, technology change, or increasing regulatory scrutiny.
• Familiarity with modern, cloud-based technology environments and contemporary software delivery practices from a governance perspective.
• Experience improving or evolving governance, risk, or reporting models rather than simply operating established processes.

What We Offer You

• Share Options - We offer a Company Share Option Plan (CSOP), giving you the opportunity to benefit from any increase in share value in the event of a sale, merger, or flotation.
• Bonus - Our annual discretionary bonus, paid in May for the previous year, is based on both company and individual performance.
• Flexible benefits - £1000 to spend on benefits to suit you, including private medical insurance, gym membership, dental etc.
• Wellbeing app - confidential, on-demand access to therapy, coaching, counselling, management training or mindfulness sessions with accredited professionals, with company-funded hours and top-up options available.
• Holidays - 33 days annual leave (including bank holidays) plus your birthday off. In the UK, Christmas Day, Boxing Day, and New Year's Day are fixed holidays. You can choose the remaining days to suit your personal schedule.
• Learning opportunities - Our two-day onboarding program, ModStart, helps equip you for success. Learning doesn't stop there; we'll continue to support your development through various channels.
• Company-Wide Events - Participate in collaborative and engaging events with colleagues across the business.
• Bike to work / E-bike scheme.

At Modulr, we're committed to building a diverse, equitable and inclusive culture where everyone feels they belong and can bring their whole self to work. We welcome applications from candidates of all backgrounds as we believe it's the right thing for our people, our business, and the community we operate in.