- Senior
- Office in London
Imagine catching criminals before they strike—that’s exactly what Napier’s AI-powered platform does! By analysing transactions and customers in real time, Napier AI’s technology empowers financial institutions to spot suspicious activity, like money laundering, and stops it in its tracks.
Napier AI’s technology works like a digital detective, combining AI with smart analytics to outthink criminals and protect people’s money from becoming criminal proceeds. It’s not just about stopping crime—it’s about making the financial world safer and more trustworthy for everyone.
Collaboration, innovation and wonderful people are just some of the reasons to bring your career to Napier. Our culture is shaped by our core values that promote equality, creativity, and opportunity in everything we do.
Overview of the role:
Napier currently holds both ISO 27001 and SOC2 (Type 2) certifications and is looking for a new Head of Information Security to both maintain those certifications through annual audits as well as enhance its overall Information Security posture. Napier offers on-prem and hosted AML software solutions to financial providers around the world meaning that Information Security is a critical discipline for us and one that our customers see as critical.
Overview of the role:
Napier currently holds both ISO 27001 and SOC2 (Type 2) certifications and is looking for a new Head of Information Security to both maintain those certifications through annual audits as well as enhance its overall Information Security posture. Napier offers on-prem and hosted AML software solutions to financial providers around the world meaning that Information Security is a critical discipline for us and one that our customers see as critical.
The Head of Information Security is responsible for the overall Information Security posture at Napier. This goes from policy definition and audit through ensuring teams across the business implement appropriate technical and organisational measures to ensuring customers feel safe entrusting us with their customers’ data.
The role reports directly into our CTO and manages a team of InfoSec specialists. Key relationships are with the Risk and Compliance, Internal IT, Platform (managed service) and Engineering teams.
Your day to day: Head of Information Security
- Maintain and improve Napier’s Information Security Management System, Policies and Certifications
- Overall responsibility for Napier’s InfoSec policies and ISMS
- Seek to define, improve and refine Napier’s policies based on industry-practice and customer demands in the financial sector.
- Work with Head of Risk and Compliance in ensuring all aspects of the business understand and comply with policies
- Work with Heads-of-lines-of-business to understand how policies are implemented operationally
- Develop internal security awareness and training programs
- Lead Information Security function
- Lead InfoSec team to maintain high levels of morale and engagement
- Work closely with all areas of the business to ensure InfoSec requirements are met
- Identify design and deliver a security program in line with business objectives
- Work with Internal IT on InfoSec-related controls (systems) deployment and monitoring
- Ensure audits are performed on existing systems
- Identify the need for additional IT controls to meet policies and work with IT on the implementation
- Maintain ISO27001 and SOC2 certifications
- Manage internal/external audits to identify opportunities for improvement
- Mature ISMS and develop existing policies and procedures
- Work with 3rd party who provides “friendly” 1/4ly audits
- Run the annual audit process for ISO27001 and SOC2, working with external bodies
- Represent the business to external bodies, customers and prospects
- Working with pre-sales and legal on the completion of RFP's and security questionnaires
- Where required, meet with customers to walk them through Napier’s policies and controls
- Liaise and advise with internal stakeholders to support the sales cycle
- Mature security incident response procedures
- Assess security incidents and manage response and forensics where required
- Develop, test and identify improvements to security incident responses
- Manage third-party SOC service (SIEM / Azure Sentinel)
- Investigate escalated alarms
- Improve service deliverables to enhance security posture
Do you have what it takes?
- 5+ years information security experience, ideally some in a global organisation
- Experience of ISO27001 / SOC2 audits
- Identity and access management with an understanding of Zero Trust
- Experience with SIEM (Napier uses Microsoft Azure Sentinel) and vulnerability management
- Data Loss Prevention and best practices
- Microsoft Azure
- Understanding of Managed Service Provision + outsourcing requirements from customers (third party risk)
Why Napier?
- Comprehensive private healthcare through AXA covering optical, audio & dental.
- 25 days of annual leave + bank holidays + your birthday and a wellness day
- Dedicated pension plan through Aviva.
- Life Insurance 4x your annual salary.
- Enhanced Maternity & Paternity leave.
- Income protections policy.
- Work from anywhere for up to 1 month.
- Access to our employee wellbeing programme.
- Gym membership discounts.
- Flexibility in work schedules and locations, ensuring a work-life balance.
- This role can be fulfilled either with a hybrid approach or fully in-office – depending on your preference.
- An open and flexible culture that allows you to work in the best way for you.
Please note applicants must have the right to work in the United Kingdom. We are unable to offer sponsorship or take over sponsorship of employment visas at this time.
