Head of IT & Information Security

GoHenry is a UK-based fintech company created by parents to pioneer financial education. More recently, GoHenry moved into Europe and the US by joining forces with French fintech company PixPay and US investing app, Acorns. 

Together, Acorns, PixPay, and GoHenry have over 6 million members across 5 countries. GoHenry offers a debit card and app for kids and teens and companion apps for the family, with in-app tools for sending money, automating allowance, managing chores, setting savings goals, giving to charity, and in-app financial education lessons where kids can watch videos, take quizzes and earn points & badges. This is all designed to help kids and teens build good money habits that will last a lifetime.

The Role

As GoHenry Head of IT & Information Security, you'll own all elements of GoHenry's global information security program and be accountable for the security and protection of all information entrusted to us by our customers, partners, and employees. Ultimately, you'll be responsible for creating an organisational culture where information security is ingrained into the fabric of GoHenry standard business operations.

Reporting to the company Chief Product & Technology Officer, the Head of IT & Information Security will be responsible for proactively communicating to the executive team and board on the progress of the cyber security vision, strategy, roadmap and key performance indicators.

This position will closely work with Acorns CISO and be accountable to both Acorns CISO and GoHenry CPTO.

Responsibilities

Leadership & Team Management

• Lead, motivate, and manage a small team of IT & Security professionals
• Set clear performance expectations, objectives, and goals for team members.
• Conduct regular one-on-one meetings, performance reviews, and provide constructive feedback to the team.
• Foster a positive and inclusive team culture, encouraging professional and personal development and growth.
• Develop and implement a strategic security plan aligned with the organisation’s goals and objectives.
• Help manage the department budget

Security Operations

• Design, develop and maintain an information security management system and supporting roadmap to align and scale with the company growth
• Manage security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level
• Implement and manage industry security standards including SOC 2 and be inline with ISO-27001, NIST800-53 as well as card payment industry standards (PCI-DSS) 
• Develop and extend security tooling and automation efforts across the company

Risk Management

• Conduct comprehensive risk assessments to identify potential security threats and vulnerabilities.
• Develop and implement risk mitigation strategies to protect the organisation’s assets and reputation.

Compliance & Standards

• Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
• Improve risk posture to support and inform business stances and security investments

Incident Management

• Plan for and manage cyber incident response plans while minimising effect on the business
• Develop and conduct regular security drills and training programs.

Collaboration & Communication

• Educate the company about security threats and implement threat protection measures at a global level
• Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the software development lifecycle
• Manage relationships with external information security technology vendors and specialised information security professional services firms

IT Operations

• Work closely with Acorns Team to ensure IT Operations are merging practices
• Ensuring processes are as efficient as possible
• Ensuring services provided are up to the agreed standard

What we’re looking for

• At least 10 years experience in the information security space.  We would love it if that had been spent with high growth Fintech companies
• Expert experience with cloud security, platforms and services, including understanding of current security offerings from cloud service providers (ideally GCP) applied to microservice infrastructures
• Experience in developing and embedding an information security management system
• Experience in the evaluation, implementation and management of industry standard enterprise wide information security technologies and concepts, including but not limited to Network/Application/Cloud Security, Data Security, Threat and Vulnerability Management, runtime protection and Identity & Access Management
• Clear understanding of relevant information security governance, technical and security standards and regulations
• Hands on familiarity and experience implementing industry security standards like NIST 800-53, SOC-2, PCI-DSS, Digital Operational Resilience Act (DORA), Prudential Regulation Authority (PRA) and NIS-2 as well as current data privacy regulations, including GDPR and regional standards
• Deep knowledge of networking and network security
• Strong understanding and experience with Secure SDLC and DevSecOps or security automation
• Ability to work under pressure across multiple stakeholders
• Excellent written and communication skills and ability to communicate across all levels of an organisation.
• Relevant certifications (e.g., CISM, CISMP, CISSP, CCNA, SSCP) are highly desirable.

Benefits

• Flexible working
• BUPA Private Medical or BUPA Cash Plan
• 25 days annual leave, plus public holidays
• An additional day off on the week of your birthday
• Flexible public holidays
• Family friendly leave policies
• Death In Service Benefit - X4 your annual salary
• Mental Health Platform - OpenUp
• Nursery/ Childcare Benefits
• Cycle to work scheme
• Gym Discounts
• Training budget.

We're proud to say...

• We ranked #38 in Newsweek's Top 100 Most Loved Workplaces in the UK in 2023 
• We’re one of Tech Track’s top 50 fastest-growing UK companies. 
• We won Finders Kid’s Cards Customer Satisfaction Awards in 2022 and 2023. 
• We won the Tech for Good award at the Better Society Awards 2023 
• Our kids and parents have donated over £500,000 of their own money to NSPCC via their GoHenry accounts

GoHenry is an equal-opportunity employer, and we’re on a mission to foster a diverse & inclusive workplace. Individuals seeking employment at GoHenry are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law. 

Want to join our mission? 

If GoHenry sounds like a place you’d like to be, please apply using the link below