Head of IT & Security
Acorns
Description
GoHenry is a UK-based fintech company created by parents to pioneer financial education. More recently, GoHenry moved into Europe and the US by joining forces with French fintech company PixPay and US investing app, Acorns.
Together, Acorns, PixPay, and GoHenry have over 6 million members across 5 countries. GoHenry offers a debit card and app for kids and teens and companion apps for the family, with in-app tools for sending money, automating allowance, managing chores, setting savings goals, giving to charity, and in-app financial education lessons where kids can watch videos, take quizzes and earn points & badges. This is all designed to help kids and teens build good money habits that will last a lifetime.
The Role
As GoHenry Head of IT & Information Security, you'll own all elements of GoHenry's global information security program and be accountable for the security and protection of all information entrusted to us by our customers, partners, and employees. Ultimately, you'll be responsible for creating an organisational culture where information security is ingrained into the fabric of GoHenry standard business operations.
Reporting to the company Chief Product & Technology Officer, the Head of IT & Information Security will be responsible for proactively communicating to the executive team and board on the progress of the cyber security vision, strategy, roadmap and key performance indicators.
This position will closely work with Acorns CISO and be accountable to both Acorns CISO and GoHenry CPTO.
Responsibilities
Leadership & Team Management
Lead, motivate, and manage a small team of IT & Security professionals
Set clear performance expectations, objectives, and goals for team members.
Conduct regular one-on-one meetings, performance reviews, and provide constructive feedback to the team.
Foster a positive and inclusive team culture, encouraging professional and personal development and growth.
Develop and implement a strategic security plan aligned with the organisation’s goals and objectives.
Help manage the department budget
Security Operations
Design, develop and maintain an information security management system and supporting roadmap to align and scale with the company growth
Manage security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level
Implement and manage industry security standards including SOC 2 and be in line with ISO-27001, NIST 800-53 as well as card payment industry standards (PCI-DSS)
Develop and extend security tooling and automation efforts across the company
Risk Management
Conduct comprehensive risk assessments to identify potential security threats and vulnerabilities.
Develop and implement risk mitigation strategies to protect the organisation’s assets and reputation.
Compliance & Standards
Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
Improve risk posture to support and inform business stances and security investments
Incident Management
Plan for and manage cyber incident response plans while minimising effect on the business
Develop and conduct regular security drills and training programs.
Collaboration & Communication
Educate the company about security threats and implement threat protection measures at a global level
Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the software development lifecycle
Manage relationships with external information security technology vendors and specialised information security professional services firms
IT Operations
Work closely with Acorns Team to ensure IT Operations are merging practices
Ensuring processes are as efficient as possible
Ensuring services provided are up to the agreed standard
What we’re looking for
At least 10 years' experience in the information security space. We would love it if that had been spent with high-growth Fintech companies
Expert experience with cloud security, platforms and services, including understanding of current security offerings from cloud service providers (ideally GCP) applied to microservice infrastructures
Experience in developing and embedding an information security management system
Experience in the evaluation, implementation and management of industry-standard, enterprise-wide information security technologies and concepts, including but not limited to Network/Application/Cloud Security, Data Security, Threat and Vulnerability Management, runtime protection and Identity & Access Management
Clear understanding of relevant information security governance, technical and security standards and regulations
Hands-on familiarity and experience implementing industry security standards like NIST 800-53, SOC-2, PCI-DSS, Digital Operational Resilience Act (DORA), Prudential Regulation Authority (PRA) and NIS-2 as well as current data privacy regulations, including GDPR and regional standards
Deep knowledge of networking and network security
Strong understanding and experience with Secure SDLC and DevSecOps or security automation
Ability to work under pressure across multiple stakeholders
Excellent written and communication skills and ability to communicate across all levels of an organisation.
Relevant certifications (e.g., CISM, CISMP, CISSP, CCNA, SSCP) are highly desirable.
Benefits
Flexible working
BUPA Private Medical or BUPA Cash Plan
25 days annual leave, plus public holidays
An additional day off on the week of your birthday
Flexible public holidays
Family friendly leave policies
Death In Service Benefit - 4x your annual salary
Mental Health Platform - OpenUp
Nursery/ Childcare Benefits
Cycle to work scheme
Gym Discounts
Training budget.
We're proud to say...
We ranked #38 in Newsweek's Top 100 Most Loved Workplaces in the UK in 2023
We’re one of Tech Track’s top 50 fastest-growing UK companies.
We won Finders Kid’s Cards Customer Satisfaction Awards in 2022 and 2023.
We won the Tech for Good award at the Better Society Awards 2023
Our kids and parents have donated over £500,000 of their own money to NSPCC via their GoHenry accounts
GoHenry is an equal-opportunity employer, and we’re on a mission to foster a diverse & inclusive workplace. Individuals seeking employment at GoHenry are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.
Want to join our mission?
If GoHenry sounds like a place you’d like to be, please apply using the link below