Head of Information Security
At Freetrade, we believe investing should be open to everyone. It’s one of the best ways to grow your savings, but for a lot of people, investing seems complicated, expensive and remote. We want to change all that.
We're a technology company that brings simple, free stock investing to everyone. We’ve built a beautiful investing app to trade in real shares, with zero commissions or fees in a fluid, mobile-first experience. And behind the app, we’re building all the technology and infrastructure from the ground up.
As the first challenger stockbroker to disrupt the £1.2 trillion UK retail investment market, we’re poised to expand into Europe in 2020. Our recent Series A investment from leading tech-focused VC Draper Esprit takes our total funding to over $20m, following some record-breaking crowdfunding rounds on Crowdcube.
We are looking for a Head of Information Security. You will own the development and implementation of the Cyber and Information Security Strategy and Risk Framework and associated policies to enable us to scale rapidly but safely. This role will report to the VP of Risk & Compliance, but will also work very closely with the CTO.
Using GCP's serverless offerings like Firestore, Cloud Composer & Stackdriver, we're able to quickly build a reliable and performant platform. We use Swift and Kotlin to write performant and reliable native applications leading to a frictionless investment experience. We're language-agnostic, as we're focused on finding amazing software engineers who want to build something exciting with us.
Your responsibilities will include:
- Building out a cyber and information security risk framework, aligned to NIST
- Operational monitoring of all critical and important systems, both internal and external
- Ownership of customer data security governance
- Enhancement of our security awareness programme
- Cyber and operational resilience disaster recovery and business continuity planning
In the first 12 months you will:
- Build out our information security risk frameworks
- Conduct gap analyses and risk assessments
- Enhance and maintain our policy and process library
- Work closely with our Engineering team to embed technology risk identification, measurement and controls disciplines
- Be a driving force in the recruitment of SREs and security engineers
- Oversee and enforce access control across the company
- Develop in-house incident security monitoring and response procedures
- Evaluate third party providers for risks to operational resilience and data protection
- Evaluate and develop security tools
- Demonstrate and promote security best practices
- Report regularly to risk committees and Board with KPIs and status reports summarising new and ongoing security risks
- You’re an excellent communicator and thrive working cross-functionally with disciplines from engineering and product to operations and finance
- You are comfortable with presenting to senior management, and with both providing and receiving constructive challenge in these forums
- You have deep technical knowledge and experience in information security (in a cloud-hosted infrastructure)
- You have strong knowledge and experience of technology and operational risk management, and the ability to put theory into practice
- You are resourceful and take a practical and prioritised approach to challenges
- You love to learn new skills and want to develop your existing ones to maximise your potential
- You care about impact, love a challenge, and take ownership of your work
In light of the continued Covid-19 risks, all interviews are expected to take place by phone or video call for this role. The interview process will begin with a short phone or video interview. The next stage will be a longer technical and competency-based interview with key role stakeholders. The final interview will be with members of the Executive team.
We offer a competitive base salary plus stock options and lots of other benefits.
We are an Equal Opportunity employer committed to a diverse and representative team. Whatever your race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability - we want to hear from you. We're very open about what we're working on, and the best places to learn more are our buzzing community forum and our blog.
Please note that we are not accepting agency CVs.