Head of Information Security

United Fintech is building a global platform that connects financial institutions with modern, scalable technology solutions. Through acquisitions and partnerships, we bring together market‑leading fintech products that serve banks, exchange groups, brokerages, and investment firms worldwide.

As Head of Information Security at United Fintech, you will play a key role in defining and executing the organisation’s security strategy, governance, and resilience. Working closely with Product, Engineering, IT, and leadership teams, you will drive security initiatives, manage risk, and support compliance across the group and its product entities.

Key responsibilities include:

• Strategic Roadmap: Design and execute a multi‑year security roadmap that aligns with the overall corporate strategy at group level across all products to achieve the desired state for security, privacy, and compliance.
• Executive Reporting: Define and report key security metrics and program maturity indicators to the Executive Board regularly. Educate & inform on evolving cyber risks.
• Governance & Compliance: Facilitate group‑wide security governance across centralized services and acquired companies by supporting the definition and maintenance of security policies and controls. Provide guidance on the ISO 27001 and SOC2 programs and assist the organization in meeting applicable cybersecurity and privacy regulations.
• M&A Due Diligence: Lead security assessments during M&A and design post‑acquisition security uplift plans as part of integration.
• SOC 2 / ISO certification: Own the delivery and maintenance of SOC 2 and ISO 27001 certifications across the Group and its product entities, including integration of newly acquired companies.
• Technical Risk & Operations
• IT Collaboration: Partner with Product IT departments to establish and maintain a high level of cybersecurity maturity across the organization.
• Vulnerability Management: Head the vulnerability management and penetration testing programs, ensuring effective oversight of treatment and remediation efforts.
• Application Security: Partner with product and engineering teams to embed security and privacy into the design process, supporting a ‘security‑as‑a‑feature’ approach that adds value for our regulated clients.
• AI Security: Define and oversee data governance policies, ensuring safe deployment and regulatory compliance of AI capabilities across the platform.
• Resilience Strategy: Assist the business in ensuring the overall defense strategy is "fit for purpose," including Cyber Security Incident Response, Business Continuity Planning (BCP), and Disaster Recovery (DR).
• Incident Response: Drive the development and implementation of a security incident response plan in accordance with applicable legislation and industry standards.
• Culture & Enablement
• Security Awareness: Organize and deliver targeted security training to improve the security awareness of all internal teams.
• Risk Management: Liaise and collaborate with internal stakeholders to identify, monitor, manage, and report on security risks associated with technology, people, and processes.
• Third‑Party Management: Ensure robust security compliance due diligence and ongoing monitoring of all third‑party vendors. Build and execute an operational & cost effective strategy on cross‑product vendor choice and management.
• Customer Assurance: Coordinate the response to customer security assessments and questionnaires; represent the company’s security function at customer meetings, industry events, and online.

You will bring:

• Experience: 10+ years of experience in information technology or security, with at least 5 years in a senior leadership position (e.g., Head of, VP, Director, or CISO).
• Technical Acumen: Highly technical background with a deep understanding of modern security architectures.
• Communication: Excellent presentation and interpersonal skills; able to communicate effectively at all levels, from technical teams to executive leadership.
• SaaS & Agile: Demonstrated experience embedding "Agile Security" principles within a SaaS product environment.
• Frameworks: Proven knowledge and experience with ISO 27001 and SOC2 compliance; experience within a regulated environment is required.
• Certifications: Professional information security certifications such as CISSP, CISM, or ISO 27001 Lead Implementer.
• Industry Knowledge: Prior experience or knowledge of commercial lending and/or capital markets is a distinct advantage.

Location & Working Arrangements

This role is based in London. The position is full‑time and will be reporting to the Chief Operations Officer (COO).

What We offer

• Competitive salary and benefits aligned with local market standards.
• Opportunity to work within a global organisation alongside experienced professionals, contributing to the delivery and evolution of technology solutions for financial institutions.
• Enjoy the flexibility to balance your professional goals with personal ambitions, while contributing to a supportive, inclusive, and values‑driven workplace culture.
• Innovative, dynamic and friendly work environment.

We encourage candidates of all backgrounds to apply and are committed to fostering a diverse, inclusive, and supportive working environment.