156 Ciso jobs in London

Job Description

Job Title

Chief Security Office (CSO) UKI Regional Chief Information Security Officer (CISO)nAndnCSO Chief Technology Office (CTO) Identity & Access (I&A) Capability LeadnLocation

LondonnCorporate Title

DirectornYou will be accountable for overseeing Information Security (IS) within the UKI region to ensure cyber security risks and associated events are recognised at regional or legal entity level, and are in compliance with the needs of local regulators.nThe CTO I&A team within CSO is at the forefront of engineering global I&A technology, pushing boundaries with innovative solutions to equip the organisation for a hybrid-cloud future. In this transformative role, you will lead a pioneering technology platform, leveraging cloud-native services.nWhat we’ll offer younA healthy, engaged and well-supported workforce are better equipped to do their best work and, more importantly, enjoy their lives inside and outside the workplace. That’s why we are committed to providing an environment with your development and wellbeing at its centre.nYou can expect:nHybrid Working - we understand that employee expectations and preferences are changing. We have implemented a model that enables eligible employees to work remotely for a part of their working time and reach a working pattern that works for them

Competitive salary and non-contributory pension

30 days’ holiday plus bank holidays, with the option to purchase additional days

Life Assurance and Private Healthcare for you and your family

A range of flexible benefits including Retail Discounts, a Bike4Work scheme and Gym benefits

Your key responsibilitiesnUKI CISOnCoordinating regional CISO strategy, while ensuring alignment to Deutsche Bank Group and Group Security Strategy

Overseeing development and maintenance of local IS policies and contributing to the formulation of the Group Security strategy to ensure it meets regional legal/regulatory/risk requirements and drives its implementation in the region

Representing the IS organisation at the appropriate regional, control and governance fora to ensure IS risks and associated events are recognised at regional or legal entity level, and are in compliance with the needs of local regulators.

Drive local IS awareness campaigns to deliver behavioural change in the bank’s population in order to make the bank more secure.

CTO I&A Capability LeadnLead and orchestrate both global external and internal delivery teams to develop an advanced I&A capability utilising state-of-the-art technologies, seamlessly integrating with the existing hybrid-cloud I&A landscape.

Bring together cross-functional domains, translating visionary architectural concepts into the broader ecosystem and ensuring holistic alignment.

Architect the future-state organisation, building robust functions and operational frameworks that set new standards for excellence.

Your skills and experiencenIn depth understanding of information security control and governance frameworks

Experience with senior level presentations to regulators, legal entity boards and other senior management fora

Strong understanding of compliance, audit, and regulatory requirements related to information security in a financial institution

Experience with managing vendor partners and matrix organisation. Knowledge in organisational setup and transformation processes

Experience with AI-driven and SaaS solutions in Identity & Access Management

Proven project management expertise within large-scale, complex organisations, driving high-impact initiatives to successful delivery.

Hands-on experience with solutions in Identity & Access Management positioning you to front innovation in this critical domain.

How we’ll support younFlexible working to assist you balance your personal priorities

A range of flexible benefits that you can tailor to suit your needs

We value diversity and as an equal opportunities’ employer, we make reasonable adjustments for those with a disability such as the provision of assistive equipment if required (for example, screen readers, assistive hearing devices, adapted keyboards)

About usnDeutsche Bank is the leading German bank with strong European roots and a global network. Click here to see what we do.nDeutsche Bank in the UK is proud to have been named The Times Top 50 Employers for Gender Equality 2025 for six consecutive years. Additionally, we have been awarded a Gold Award from Stonewall and named in their Top 100 Employers 2024 for our work supporting LGBTQ+ inclusion.nWe strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.nTogether we share and celebrate the successes of our people. Together we are Deutsche Bank Group.nWe welcome applications from all people and promote a positive, fair and inclusive work environment.

#J-18808-Ljbffrn

Information Security Manager

Location: London, Hybrid
Salary: Up to 75,000

Reports to: Head of Cyber Security

A well regarded Managed Service Provider is seeking an experienced Information Security Manager to join its team on a permanent basis. This role offers the opportunity to lead and deliver strategic security initiatives across a varied client base, with a strong focus on governance, risk, and compliance.

The successful candidate will have a proven background within an MSP or MSSP environment, hold CISSP certification, and demonstrate deep expertise in GRC frameworks, particularly ISO27001. Experience acting as a virtual Chief Information Security Officer (vCISO) is essential.

This business has made significant investment into its SOC-as-a-Service offering, positioning itself at the forefront of managed security solutions and enabling clients to benefit from cutting-edge threat detection and response capabilities.

Key Responsibilities:

• Serve as a vCISO for clients, providing strategic guidance on security posture and compliance
• Lead the development and implementation of security policies, procedures, and controls
• Manage ISO27001 compliance, including internal and external audits
• Conduct risk assessments and oversee incident response planning
• Collaborate with technical teams to ensure security is embedded across services
• Advise on regulatory requirements and emerging threats

Candidate Profile:

• Extensive experience in information security within an MSP or MSSP
• CISSP certified
• Strong working knowledge of GRC frameworks, including ISO27001
• Demonstrated experience in a vCISO capacity
• Excellent stakeholder engagement and communication skills
• Ability to lead complex security programmes across multiple environments

This role offers flexible working arrangements (hybrid), exposure to a wide range of industries and technologies, and the chance to join a collaborative team within a forward-thinking MSP committed to professional development.

Only candidates with the right to work in the UK will be considered .

London - Hybrid

Paying up to 75,000, depending on experience.

Information Security Manager

Location: London, Hybrid
Salary: Up to 75,000

Reports to: Head of Cyber Security

A well regarded Managed Service Provider is seeking an experienced Information Security Manager to join its team on a permanent basis. This role offers the opportunity to lead and deliver strategic security initiatives across a varied client base, with a strong focus on governance, risk, and compliance.

The successful candidate will have a proven background within an MSP or MSSP environment, hold CISSP certification, and demonstrate deep expertise in GRC frameworks, particularly ISO27001. Experience acting as a virtual Chief Information Security Officer (vCISO) is essential.

This business has made significant investment into its SOC-as-a-Service offering, positioning itself at the forefront of managed security solutions and enabling clients to benefit from cutting-edge threat detection and response capabilities.

Key Responsibilities:

• Serve as a vCISO for clients, providing strategic guidance on security posture and compliance
• Lead the development and implementation of security policies, procedures, and controls
• Manage ISO27001 compliance, including internal and external audits
• Conduct risk assessments and oversee incident response planning
• Collaborate with technical teams to ensure security is embedded across services
• Advise on regulatory requirements and emerging threats

Candidate Profile:

• Extensive experience in information security within an MSP or MSSP
• CISSP certified
• Strong working knowledge of GRC frameworks, including ISO27001
• Demonstrated experience in a vCISO capacity
• Excellent stakeholder engagement and communication skills
• Ability to lead complex security programmes across multiple environments

This role offers flexible working arrangements (hybrid), exposure to a wide range of industries and technologies, and the chance to join a collaborative team within a forward-thinking MSP committed to professional development.

Only candidates with the right to work in the UK will be considered .

London - Hybrid

Paying up to 75,000, depending on experience.

We are looking for a highly skilled Information Security Consultant to join our Operational Risk Management (ORM) team at the European Bank for Reconstruction and Development (EBRD). This is a unique opportunity to play a vital role in protecting the EBRD's Information Assets and IT Facilities, supporting the delivery of critical projects, and shaping our security and risk governance across the Bank; with a focus on providing Information Security consultancy to the business and performing supplier assurance assessments.

Your Role and Purpose

As an Information Security Consultant, you will support the Head of Information Security in managing Information Security (IS) risks across the Bank. You will be responsible for:

• Providing technical security consultancy and managing risk assessments, including third-party and cybersecurity risks.
• Identifying and assessing AI risks and devising remediation programmes.
• Working on key Information and Cybersecurity remediation projects such as Data Leakage Prevention (DLP) and Supplier Assurance Security Reviews.
• Assess and advise on technical risk mitigation measures, review identified risks, analyse security incidents and communicate risk mitigation actions, plans and activities to management and peers for strategic decision-making.
• Ensuring regulatory compliance and supporting internal/external reviews.
• Work closely with the IT Department on technical aspects of information security in the Bank.

Key Responsibilities

• Conduct Information Security and Cybersecurity assessments and technical risk evaluations.
• Design remediation projects, in particular around Data Leakage, Supplier Security Assurance and AI.
• Liaise with IT and MSSP teams to identify and remediate security risks/incidents.
• Draft reports, risk register updates, and maintain documentation aligned with best practice (ISO 27001, NIST CSF).
• Track and advise on industry security trends and their implications.
• Contribute to social engineering assessments, BAU risk mitigation, and business process evaluations.
• Influence and support change by aligning policy updates with new regulations and business needs.

What We're Looking For

• A Bachelor's or Master's degree (preferably in IT, Security, or Risk).
• At least one recognised IS qualification (CISM, CISA, CISSM, ISO 27001 Lead Auditor/Implementer, CIPP/E).
• Proven experience in delivering project and supplier assurance activities in the IS domain.
• Strong written and verbal communication skills, especially the ability to translate technical details into business-friendly language.
• Effective project management and stakeholder engagement abilities.
• Ability to work independently, manage multiple priorities, and maintain high attention to detail.
• A collaborative mindset with strong influencing and problem-solving capabilities.

What is it like to work at the EBRD?

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.

The EBRD environment provides you with:

• Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
• A working culture that embraces inclusion and celebrates diversity;
• An environment that places sustainability, equality and digital transformation at the heart of what we do.

Diversity is one of the Bank's core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.

Please note, that due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).

Job Segment: Information Security, Risk Management, Compliance, Law, Sustainability, Technology, Finance, Legal, Energy

OverviewnThe Information Security Specialist will play a key role in strengthening the organization’s security posture. This role covers a broad range of responsibilities, including enhancing security controls, conducting security assessments, overseeing patch management, and supporting the implementation of information security solutions and related projects.

Responsibilities

Oversee the implementation, audit, and assurance of information security policies, standards, guidelines, and procedures to maintain strong security practices.

Ensure all business processes are aligned with the Group’s information security policies and standards, driving consistency across operations.

Contribute to the development and delivery of information security awareness, training, and education programs to strengthen staff knowledge and practices.

Collaborate with internal and external stakeholders to assess the effectiveness of security controls and ensure compliance with regulatory and organizational requirements.

Assist in performing information security risk assessments, identifying vulnerabilities, and recommending preventive measures to mitigate risks.

Support and participate in information security projects, contributing to the continuous enhancement of security measures across the organization.

Provide support in handling and resolving security incidents, minimizing impact and ensuring timely remediation.

Qualifications

8 years of experience in information security management

Certified with CISSP or related qualifications are strongly preferred

In-depth understanding of ISO 27001 standards and practical experience with their implementation

Strong knowledge of risk management frameworks and methodologies

Hands-on experience with security technologies such as EDR, SIEM, IAM, Vulnerability Management Systems, Anti-Virus, APT, DLP, Threat Protection, Web Proxy, and Access Control solutions

Prior experience in the broadcast media or digital industries is highly desirable

Have the right to work in the UK (Mandatory)

About the job

Contract Type: Permanent

Focus: Information Security

Workplace Type: On-site

Experience Level: Associate

Location: London

Industry: Media

Salary: £50,000 - £80,000 per annum + bonus

This job posting is listed by Robert Walters Operations Limited, an employment business and employment agency. Applications from all candidates are welcome.

#J-18808-Ljbffrn

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.nLocation:

London, UK (Hybrid: 2 days per week in the office)nCompany:

Navro - Pioneering the Future of PaymentsnArchitecting Trust: Information Security ManagernThis isn't just another Information Security role. No legacy systems. No corporate red tape. No coasting. This is about building something from the ground up. Fast.nWe're Navro, a rapidly scaling B2B payments startup, and we're looking for a bold, proactive, and hands-on

Information Security Manager

to help safeguard our platform and operations. This is your chance to shape our security posture, instill a security first-mindset, ensure compliance with international standards, and make decisions that impact the entire business.nYou won't have layers of approval slowing you down. You will have the freedom to make real, impactful decisions from day one. This isn't a passenger role. We're bringing you in for your expertise and your relentless drive. You will be responsible for understanding our information assets, identifying emerging threats, and implementing robust security measures that protect Navro and our clients.nWho We ArenWe are transforming payments for global platforms and e-commerce businesses. As the world's first payments curation platform, we simplify cross-border transactions by uniting best-in-class infrastructure into a seamless ecosystem, enabling businesses to scale and operate effortlessly across borders. Cross-border workforce payments are slow, expensive, and outdated. We can't be. Businesses rely on us to pay their people accurately and on time - contractors, freelancers, and employees across the globe. When we say we'll deliver, failure isn't an option. If we don't do what we said we would, people don't get paid - not just a transaction delayed, but real workers left without wages. That means a developer in Argentina missing their paycheck, a freelancer in the Philippines unable to pay rent, or a contractor in Poland unable to get to work. No excuses. No passengers. No tolerance for politics or mediocrity.nWhat This Role Demands:nYou Own It

- You're responsible and proactive, you take the lead and make things happen.nYou Ask Questions

- You don't just gather requirements; you challenge assumptions, to make us better. Why this control, why not another way?nYou Fix What's Broken

- No waiting for permission. If it's clunky or output is inconsistent, you dive in, solve, and fix it.nYou're Hands-On

- One hour you're leading on an external audit, the next assessing a critical vendor's security posture, the next you're deep in the vulnerability rating details with DevOps.nYou Thrive in Chaos

- Startups are messy. Deadlines change, priorities shift, and ambiguity is constant. You bring clarity to define workable security policies and procedures.nYou Handle the Pressure

- Fast-paced. High stakes. You balance multiple projects, manage tight timelines, and keep moving forward.nYou're Here for the Journey

- This is career-defining. It's hard, rewarding, and not for the faint-hearted. If you're ready to grow alongside Navro, let's build something amazing together.nWhat You'll Be Doing:nDay-to-day responsibility for security GRC, help build version 2.0 of Navro's Information Security Management System. Ensure compliance to international standards and regional regulatory requirements.nOwn security GRC automation tooling (Vanta) and work across the business to maintain security compliance posture.nSuccessfully lead internal and external security audits - ISO 27001 / SOC2 Type II / PCI-DSS.nChampion a company-wide culture of security awareness and operational resilience by playing a key role in defining, maintaining, and managing security incident response and threat intelligence procedures.nLead, curate, and report on Navro's on-going and persistent security awareness programme including frequent phishing testing campaigns, secure development, etc.nWork with IT, SRE, and other key stakeholders on implementing and maintaining security policies and standards including disaster recovery and business continuity testing.nWork with Sales and Operations on business critical procedures for onboarding/offboarding clients and vendors. Act as primary contact for security due diligence and assessments.nProject manage initiatives with product and engineering teams to embed "security by design" into products, services, and processes.nHelp make Navro's security posture a value proposition - develop a Trust Centre to easily present and provide security information. Work with Marketing to position excellent posture, certifications, and regulatory compliance as a product differentiator.nWhat We're Looking For:nGRC Experience - You're the go-to person for security governance, risk, and compliance. With a degree in a computer or security discipline and numerous years' GRC experience under your belt.nStart-up - Preferably have worked in a start-up or scale-up environment before where ambiguity and chaos do not faze you.nTool Ninja - You're familiar with various tools and systems and have hands-on experience with market leading security tools including Vanta, KnowBe4, Google Workspace, Microsoft Entra, and Wiz.nDetail-Obsessed - You don't miss a thing. Your attention to detail and decision-making capabilities are top-notch. You're able to horizon scan and research effectively to find the missing details.nISO 27001 et al - You have built and maintained an ISO 27001 certified ISMS before and led other important security audit assessments (SOC2, PCI, etc.). You may have also gained ISO 27001 Lead Auditor or alike certifications (a plus).nCollaborator Extraordinaire - Strong communications skills with the ability to explain technical and security concepts, risks, controls in business terms.nRegulation Machine - You have knowledge of payments and various related regulatory environments including FCA, EMI, DORA, PSD2 (a plus).nYou may not possess every single required skill listed, and that's perfectly fine. If you have most of them, along with grit, passion, a desire to learn quickly, and the willingness to get stuck in, we encourage you to apply.nWhy Navro?nLead and Shape the Future: This is your chance to build and grow a market from zero to one.nMake Real Impact: Your decisions will directly shape Navro's growth journey.nInnovative Environment: Be at the forefront of Fintech innovation and payments disruption.nCareer-Defining Role: This isn't just another job. It's a legacy.nReady to Build Something Big?nThis is your chance to leave your mark. If you're ready to lead, build, and grow with the intensity that only startups offer, we want to hear from you.nApply now

and be part of Navro's journey to revolutionise payments with us.nBenefitsnAs part of this role you will receive the following:nYou will enjoy 26 days of annual leave (excluding Bank holidays)nVolunteering & Compassionate leavesnMaternity and Paternity leavesnPrivate HealthcarenCompany Options SchemenTeam socialsnComprehensive, interactive & engaging Training - Leadership, Communication and Presentation Skills, Behavioural Profiling, Conflict Management, etcnCareer frameworksnFlexibility surrounding other commitments; within your team we will work around child-care или other appointments you have. We just ask for advance notice!nFor those London Based 2-3 days per week in officenWorking in a diverse and inclusive environment where we ensure that our people thrivenNavro does not accept unsolicited resumes from search firms/recruiters. Navro will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s). Search firms/recruiters submitting resumes on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

#J-18808-Ljbffrn

Overview

We specialise in delivering cutting-edge IT and cybersecurity solutions to our diverse client base. We provide expert-managed services to help clients protect their data, comply with regulations, and manage evolving cyber threats. We are looking for a skilled Information Security Manager to join our team and be billed out to a key client to enhance their information security posture. We are seeking an experienced Information Security Manager to play a critical role in ensuring the security and resilience of our client's IT systems and data. As a client-facing professional, you will act as the pivotal point of contact for all matters relating to information and cybersecurity. You will collaborate closely with multiple teams to develop, implement, and manage robust information security frameworks, policies, and protocols. This role combines both strategic leadership and technical expertise, enabling you to influence decision-making, advise on best practices, and ensure continuous improvement in the security posture. You will lead efforts in risk management, regulatory compliance, incident response, and security awareness training, while ensuring the client remains aligned with industry standards and legal requirements (e.g., ISO 27001, GDPR, Cyber Essentials). Your expertise will help mitigate risks, defend against cyber threats, and maintain the highest level of security across the client's infrastructure, all while maintaining a clear focus on delivering outstanding service and value. Key to your success will be your ability to manage complex security challenges, foster strong relationships with teams, and drive a proactive security culture within their organisation.nResponsibilities

Act as the primary information security point of contact for relevant teams, developing a trusted relationship and advising on all aspects of cybersecurity.nDevelop, implement, and maintain information security policies, procedures, and frameworks, ensuring alignment with industry standards (e.g., ISO 27001, NIST) and legal requirements (e.g., GDPR, Cyber Essentials).nConduct security risk assessments and vulnerability management for the client, providing actionable recommendations to mitigate risks.nLead incident detection, investigation, and response efforts, ensuring minimal impact to the client's business operations.nCollaborate with the client's IT and business teams to integrate security solutions and processes that align with their goals.nDeliver regular reporting to the client on security status, incidents, risks, and compliance with agreed SLAs and KPIs.nProvide guidance and support for the client in meeting their regulatory obligations (e.g., GDPR compliance, data protection).nOversee and lead security audits, penetration testing, and vulnerability assessments for the client.nManage security awareness training programs for the client's staff, fostering a culture of cybersecurity awareness.nProvide ongoing advice on emerging threats, vulnerabilities, and security best practices, helping the client stay ahead of the curve.nEnsure that the client's information security posture is continuously improved through proactive security measures, monitoring, and reporting.nQualifications

Proven experience (typically 5+ years) in information security management or a related role, preferably within an MSP or client-facing environment.nStrong understanding of UK and international cybersecurity regulations, including GDPR, Cyber Essentials, and ISO 27001.nExperience managing and leading security operations, incident response, and risk assessments.nUnderstanding and knowledge of security technologies (SIEM, firewalls, endpoint protection, encryption, etc.) and practices (vulnerability management, penetration testing).nExperience working in a service delivery or consultancy capacity with external clients.nExcellent communication skills, able to convey technical security information to non-technical stakeholders at all levels.nRelevant certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.nStrong stakeholder engagement experiences.nAbility to work independently, take initiative, and work in a dynamic environment.nProactive approach to identifying and solving problems before they escalate.nStrong leadership and mentoring skills to support junior staff and teams.nAbility to translate business needs into security solutions.nBenefits

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.nWe are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.nProven experience (typically 5+ years) in information security management or a related role, preferably within an MSP or client-facing environment.nNTT Data is a leading Managed Service Provider (MSP) with a global reach empowering local team, undertaking hugely exciting work and is genuinely changing the world. We are a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.nOur inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.nUpon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day. At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally - with access to cutting edge innovation.

#J-18808-Ljbffrn

Location: London, UK (Hybrid: 2 days per week in the office)
Company: Navro – Pioneering the Future of Payments

Architecting Trust: Information Security Manager

This isn’t just another Information Security role. No legacy systems. No corporate red tape. No coasting. This is about building something from the ground up. Fast.

We’re Navro, a rapidly scaling B2B payments startup, and we’re looking for a bold, proactive, and hands-on Information Security Manager to help safeguard our platform and operations. This is your chance to shape our security posture, instill a security first-mindset, ensure compliance with international standards, and make decisions that impact the entire business.

You won’t have layers of approval slowing you down. You will have the freedom to make real, impactful decisions from day one. This isn’t a passenger role. We’re bringing you in for your expertise and your relentless drive. You will be responsible for understanding our information assets, identifying emerging threats, and implementing robust security measures that protect Navro and our clients.

Who We Are 

We are transforming payments for global platforms and e-commerce businesses. As the world’s first payments curation platform, we simplify cross-border transactions by uniting best-in-class infrastructure into a seamless ecosystem, enabling businesses to scale and operate effortlessly across borders. Cross-border workforce payments are slow, expensive, and outdated. We can’t be. Businesses rely on us to pay their people accurately and on time - contractors, freelancers, and employees across the globe. When we say we’ll deliver, failure isn’t an option. If we don’t do what we said we would, people don’t get paid - not just a transaction delayed, but real workers left without wages. That means a developer in Argentina missing their paycheck, a freelancer in the Philippines unable to pay rent, or a contractor in Poland unable to get to work. No excuses. No passengers. No tolerance for politics or mediocrity.

Requirements

What This Role Demands:

You Own It – You’re responsible and proactive, you take the lead and make things happen.

You Ask Questions – You don’t just gather requirements; you challenge assumptions, to make us better. Why this control, why not another way?

You Fix What’s Broken – No waiting for permission. If it’s clunky or output is inconsistent, you dive in, solve, and fix it.

You’re Hands-On – One hour you’re leading on an external audit, the next assessing a critical vendor’s security posture, the next you’re deep in the vulnerability rating details with DevOps.

You Thrive in Chaos – Startups are messy. Deadlines change, priorities shift, and ambiguity is constant. You bring clarity to define workable security policies and procedures.

You Handle the Pressure – Fast-paced. High stakes. You balance multiple projects, manage tight timelines, and keep moving forward.

You’re Here for the Journey – This is career-defining. It’s hard, rewarding, and not for the faint-hearted. If you’re ready to grow alongside Navro, let’s build something amazing together.

What You’ll Be Doing:

• Day-to-day responsibility for security GRC, help build version 2.0 of Navro’s Information Security Management System. Ensure compliance to international standards and regional regulatory requirements.
• Own security GRC automation tooling (Vanta) and work across the business to maintain security compliance posture.
• Successfully lead internal and external security audits - ISO 27001 / SOC2 Type II / PCI-DSS.
• Champion a company-wide culture of security awareness and operational resilience by playing a key role in defining, maintaining, and managing security incident response and threat intelligence procedures.
• Lead, curate, and report on Navro’s on-going and persistent security awareness programme including frequent phishing testing campaigns, secure development, etc.
• Work with IT, SRE, and other key stakeholders on implementing and maintaining security policies and standards including disaster recovery and business continuity testing.
• Work with Sales and Operations on business critical procedures for onboarding/offboarding clients and vendors. Act as primary contact for security due diligence and assessments.
• Project manage initiatives with product and engineering teams to embed “security by design” into products, services, and processes.
• Help make Navro’s security posture a value proposition - develop a Trust Centre to easily present and provide security information. Work with Marketing to position excellent posture, certifications, and regulatory compliance as a product differentiator.

What We’re Looking For:

GRC Experience – You’re the go-to person for security governance, risk, and compliance. With a degree in a computer or security discipline and numerous years’ GRC experience under your belt.

Start-up – Preferably have worked in a start-up or scale-up environment before where ambiguity and chaos do not faze you.

Tool Ninja – You’re familiar with various tools and systems and have hands-on experience with market leading security tools including Vanta, KnowBe4, Google Workspace, Microsoft Entra, and Wiz.

Detail-Obsessed – You don’t miss a thing. Your attention to detail and decision-making capabilities are top-notch. You’re able to horizon scan and research effectively to find the missing details.

ISO 27001 et al – You have built and maintained an ISO 27001 certified ISMS before and led other important security audit assessments (SOC2, PCI, etc.). You may have also gained ISO 27001 Lead Auditor or alike certifications (a plus).

Collaborator Extraordinaire – Strong communications skills with the ability to explain technical and security concepts, risks, controls in business terms.

Regulation Machine – You have knowledge of payments and various related regulatory environments including FCA, EMI, DORA, PSD2 (a plus).

You may not possess every single required skill listed, and that's perfectly fine. If you have most of them, along with grit, passion, a desire to learn quickly, and the willingness to get stuck in, we encourage you to apply.

Why Navro?

• Lead and Shape the Future: This is your chance to build and grow a market from zero to one.
• Make Real Impact: Your decisions will directly shape Navro’s growth journey.
• Innovative Environment: Be at the forefront of Fintech innovation and payments disruption.
• Career-Defining Role: This isn’t just another job. It’s a legacy.

Ready to Build Something Big?

This is your chance to leave your mark. If you’re ready to lead, build, and grow with the intensity that only startups offer, we want to hear from you.

Apply now and be part of Navro’s journey to revolutionise payments with us.

Benefits

As part of this role you will receive the following:

• You will enjoy 26 days of annual leave (excluding Bank holidays)
• Volunteering & Compassionate leaves
• Maternity and Paternity leaves
• Private Healthcare 
• Company Options Scheme
• Team socials 
• Comprehensive, interactive & engaging Training - Leadership, Communication and Presentation Skills, Behavioural Profiling, Conflict Management, etc
• Career frameworks
• Flexibility surrounding other commitments; within your team we will work around child-care or other appointments you have. We just ask for advance notice!
• For those London Based 2-3 days per week in office 
• Working in a diverse and inclusive environment where we ensure that our people thrive

Navro does not accept unsolicited resumes from search firms/recruiters. Navro will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s).  Search firms/recruiters submitting resumes on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

ConSol Partners are seeking a Information Security Business Lead for an exciting raw materials & chemical manufacturer - in its London office!

This role will design, implement, and oversee a comprehensive cyber-security strategy tailored to industrial operations. This role is critical to safeguarding IT and OT environments, intellectual property, and ensuring compliance with global standards.

Key Responsibilities:

• Develop and execute the company’s information security strategy in line with business goals and industry regulations.
• Lead the creation and enforcement of security policies across IT and OT environments.
• Conduct risk assessments and implement proactive threat mitigation measures.
• Oversee Microsoft 365 security, endpoint protection, email security, and other key cybersecurity tools.
• Manage incident response plans and investigations, coordinating with internal teams and external partners.
• Ensure compliance with standards like ISO 27001, GDPR, and NIST frameworks.
• Promote security awareness and training across departments.

Requirements:

• Degree in Cybersecurity, Information Security, or related field.
• Proven experience in manufacturing, energy, chemicals, or similar sectors.
• 15 years of experience in a deeply-technical hands on role, and high level stakeholder engagement.
• Strong knowledge of cybersecurity frameworks, ICS/OT security, and risk management.
• Hands-on experience with Microsoft 365 security tools, EDR, and related technologies.
• Demonstrated leadership in incident response and cross-functional security initiatives.