Head of Operational Risk & Information Security (UK) (m/f/d)

About The Position

Requirements

• Bachelor’s or Master’s degree in Information Security, Risk Management, Computer Science, or a related field.
• 5+ years of experience in operational risk, ICT risk, or information security management within financial services, fintech, or EMI environments.
• In-depth understanding of FCA and PRA operational resilience, UK GDPR, and information security expectations.
• Proven experience implementing or managing ISO 27001, SOC 2, and PCI DSS frameworks.
• Strong leadership and stakeholder management skills, with experience managing a small risk/security team.
• Excellent written and verbal communication skills, capable of engaging senior management, regulators, and auditors.

Nice To Haves

• Professional certifications such as CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor.
• Familiarity with NCSC Cyber Essentials and DORA (EU).
• Working knowledge of another European language.

Responsibilities

• Lead the development and continuous enhancement of Pliant’s Operational Risk and Information Security Frameworks in line with FCA, PRA, and UK EMI expectations.
• Maintain governance, control, and reporting structures that meet SYSC 13A, Operational Resilience, and Risk Management requirements.
• Act as the 2nd Line of Defence lead, providing independent oversight, challenge, and assurance across all Pliant entities.
• Partner with Engineering, Compliance, and Operations teams to embed security by design into all products and processes.
• Advise senior management, the UK Board, and Group Risk Committee on risk trends, resilience, and information security posture.
• Own and maintain the enterprise-wide incident management framework, covering ICT and non-ICT incidents.
• Ensure consistent incident classification, escalation, root cause analysis, and reporting in line with FCA/PRA operational incident and major incident requirements.
• Lead post-incident reviews and ensure lessons learned are documented and integrated into ongoing risk management processes.
• Oversee compliance with UK incident notification obligations.
• Maintain and improve Pliant’s Information Security Management System (ISMS) in accordance with ISO 27001, SOC 2, and PCI DSS.
• Develop, implement, and enforce security policies and standards aligned with NCSC guidance and ICO data protection expectations.
• Oversee cyber incident detection, response, and recovery in coordination with the Group Technology team.
• Ensure business continuity and disaster recovery plans are regularly tested and compliant with FCA and PRA operational resilience principles.
• Coordinate Business Continuity Management (BCM) and Operational Resilience across the UK entity and the wider group.
• Conduct and maintain Business Impact Analyses (BIAs) and ensure Important Business Services (IBS) have tested impact tolerances.
• Oversee alignment of technical recovery objectives (RTOs/RPOs) with regulatory and business requirements.
• Collaborate with IT and Operations to ensure continuity arrangements remain fit for purpose and demonstrably resilient.
• Oversee the outsourcing and third-party risk management framework in compliance with FCA/PRA outsourcing rules and the EBA Outsourcing Guidelines.
• Conduct due diligence and ongoing monitoring of critical third parties and cloud providers.
• Ensure supplier contracts include clear provisions for risk management, data protection, and security obligations.
• Liaise with the Group Legal and Compliance teams to ensure consistent governance of material outsourcing arrangements.
• Serve as the primary point of contact for the FCA on operational risk, ICT risk, and information security matters.
• Represent Pliant Payments Ltd and the Group in regulatory reviews, audits, and assurance activities.
• Support audit readiness for FCA, ISO 27001, SOC 2, PCI DSS, and other relevant frameworks.
• Track audit findings, ensuring timely remediation and effective follow-up.
• Foster a strong risk and security culture throughout the organisation.
• Design and deliver regular training on cybersecurity, incident reporting, risk management, and operational resilience.
• Encourage continuous improvement, open communication, and proactive identification of risks.

Benefits

• The opportunity to work in a growing team with big responsibilities that thrives on a strong exchange of knowledge and excellence
• Attractive remuneration
• Flat hierarchy and transparent communication in a relaxed, professional atmosphere
• Opportunity to develop your talent in a dynamic team with ambitious goals
• Flexibility and possibility to work remotely
• Company card with a monthly allowance for lunches, coffee, etc. with co-workers