Head of Information Security (HoIS)

At Kroo Bank, we’re building a better bank from the ground up. One that puts customers first, treats money responsibly, and uses technology to make everyday banking simpler, fairer and more transparent. We’re a fully regulated UK bank, backed by long-term investors, with a growing customer base and big ambitions. We move fast, think carefully, and hold ourselves to the highest standards, whether that’s how we engage with our customers, build products, manage risk, or look after our people.

Job Overview:

Drive our IT security strategy and implementation forward whilst protecting the business from security threats against unauthorised, disruption or destruction of digital data . Direct strategy, operations and product development for the protection of the enterprise information assets and manage the program of delivery. The scope of responsibility will encompass security awareness, security operations and applications and infrastructure, including the policies and procedures which apply.

Responsibilities:

• Managing the daily operation and implementation of the  information security strategy
• Developing and maintaining a forward looking security roadmap covering cloud, mobile, AI, and software platforms.
• Collaborating with the technology leadership to deliver new security technology approaches and implementing next generation solutions and controls
• Ensuring secure configuration and continuous compliance across IaaS, PaaS, and SaaS environments.
• Conducting a continuous assessment of current security practices and systems and identifying areas for improvement
• Performing security audits and risk assessments and reporting on ways to minimise threats and security exposure
• Owning the Information Security Management System (ISMS) and maintain ISO 27001 certification certification maintenance 
• Ensuring compliance and governance with applicable regulations
• Collaborating with operational teams to develop, implement and test  business continuity plans to ensure service is continuous when a change programme is introduced, or a security breach occurs or in the event that the disaster recovery plan needs to be triggered
• Protecting the intellectual property of the organisation at all times
• Monitoring security vulnerabilities and hacking threats in network and host systems
• Leading security operations (including  Managed SOC), threat intelligence, detection, and response capabilities.ns
• Defining KPIs and KRIs to measure security maturity and providing regular security reporting to Executive and Board level stakeholders.
• Managing and developing the  information security team 
• Championing and educating the organisation about the latest security strategies and technologies
• Managing the IT security budget and communicating this with the appropriate parties

Requirements

• Significant senior leadership experience in information security within a FCA and PRA regulated UK bank, fintech, or other regulated financial services organisation, with demonstrated engagement on CBEST matters (including oversight of threat led penetration testing) at Board Risk Committee level.
• Demonstrable experience achieving and maintaining ISO/IEC 27001 certification.
• Strong background in software application security and mobile security.
• Experience implementing and improving DevSecOps processes in cloud native (AWS or GCP) environments.
• Knowledge of AI/ML security risks and governance frameworks like ISO 42001 or NIST AI RMF.
• Experience leading security operations, incident response, and threat management.
• Ability to work collaboratively with the 2nd line of defence to ensure the Bank remains within risk appetite
• Ability to work with team members at all levels from Software Engineers & IT through to board level.

Benefits

What we offer:

At our cutting-edge fintech company, we know that attracting and retaining the best talent means offering top-notch benefits that help our employees thrive both in and outside of work. Check out what we currently offer:

• Generous holiday time: 25 days annual leave, 8 bank holidays, 1 Kroo bank holiday (June 24th), and 1 day off during the week of your birthday.
• Personal days: We know that life can be unpredictable, so we offer 3 personal days to use as needed.
• Employer-sponsored volunteer program: We're passionate about giving back to our community, and we support our employees in doing the same with up to 4 hours per month of employer-sponsored volunteer time.
• Mental health support: We care about the mental health of our team members and offer access to Spill, our mental health support partner.
• Workplace pension: We want you to feel secure about your future, so we offer a workplace pension with a 5% employee contribution and a 3% employer top-up.
• Top-notch equipment: We provide top-of-the-line equipment necessary for smooth hybrid work, including a MacBook laptop. Additionally, we also offer support in establishing your home office by contributing towards your setup if required.
• Modern office: When you're in the office, you'll enjoy access to our modern, bustling workspace in Farringdon (Central London).
• Cycle to Work scheme: We encourage sustainable transportation with our Cycle to Work scheme.
• Electric Car scheme: We're committed to reducing our carbon footprint, and our Electric Car scheme makes it easy for our employees to do the same.
• Enhanced parental leave: We know that family comes first, and we offer an enhanced parental leave policy to support our employees in starting and growing their families.
• Room for growth: As a fast-paced, high-growth start-up, we're dedicated to providing our employees with room to grow and excel.
• You get full healthcare for you and your nuclear family via Vitality.

Hybrid Working:

At Kroo Bank, we have a hybrid policy that gives both individuals and teams a lot of freedom when it comes to using the office space to boost productivity. Our London office is a great resource when used effectively. So, employees who can occasionally come to the office are a good fit for how we work right now. Keep in mind that this job involves working from Monday to Friday, with a mix of remote and office work, so you won't need to be on-site all the time.

Diversity and Inclusion:

We wholeheartedly uphold our commitment to fostering a diverse and inclusive workplace. Every employee is highly regarded, respected, and supported without any form of judgement or prejudice. We consider Diversity, Equality, and Inclusion as fundamental pillars guiding our path in all aspects of our bank. We also ensure that reasonable adjustments are made available to all candidates throughout the recruitment process.

To all Recruitment Agencies:

At Kroo Bank, agency resumes are strictly prohibited. Do not submit agency resumes or forward them to our job advertisements or Kroo Bank employees. Be aware that Kroo Bank will not assume any responsibility for fees incurred due to unsolicited resumes.

To ensure a fair and efficient application process, all candidates are kindly requested to submit their applications directly through the advertised platform. We kindly ask that you refrain from reaching out to the company or its employees via email, LinkedIn, or any other communication channels for inquiries or updates. Please note that any attempts to contact us through these channels will not receive a response. Thank you for your understanding and cooperation.