Information Security Governance Manager

Information Security Governance Manager
London
Full-time
In office 4 days/week

Our vision is a world where all businesses are powered by embedded payments. Modulr enables businesses, from SMEs to Enterprise, to grow their revenue, drive efficiencies and deliver fantastic customer experiences, by embedding payments into their products and operating systems. We do this by providing products and services which allow our clients to efficiently collect, reconcile and disburse funds instantly via a range of payment schemes, accounts, and card products, fully controllable via API.

Find out more about us on our website and careers site.

• Own and operate the information security risk register, ensuring risks are clearly articulated, consistently assessed, actively managed, and accurately reflected in governance and executive reporting.
• Work with technology, product, and platform teams to identify, assess, and track information security risks, providing constructive challenge where risk assessments or remediation plans are weak, incomplete, or misaligned with risk appetite.
• Ensure security incidents, near misses, and material control failures result in appropriate updates to risk posture, governance reporting, and follow-up actions, rather than being treated as isolated operational issues.
• Own the lifecycle of information security policies and standards, ensuring they remain relevant, proportionate, and aligned with how the organisation builds and operates technology.
• Operate and govern the policy exception process, ensuring exceptions are risk assessed, time bound, and approved at the appropriate level, with clear visibility of residual risk.
• Develop and maintain clear, decision focused information security reporting for technical risk forums, executive committees, and board level audiences, including content for the CTO's board pack.
• Define, maintain, and continuously improve security management information, metrics, and KPIs, focusing on insight and decision support rather than volume or vanity measures.
• Translate complex or technical security issues into concise, business focused risk narratives that support informed decision making by senior and non-technical stakeholders.
• Prepare and support governance forums, including agenda setting, paper authorship, action tracking, and follow up to ensure decisions are implemented and risks are actively managed.
• Evolve the organisation's approach to information security governance and reporting as the business scales, technology changes, and regulatory expectations develop.
• Act as a trusted advisor on information security risk and governance matters, partnering closely with security engineering functions while remaining independent from delivery ownership.
• Work closely with risk, compliance, legal, and internal audit teams to ensure alignment, consistency, and effective use of governance effort.

What you'll need

• Significant experience in an information security governance, risk, or assurance role within fintech, financial services, or a similarly regulated environment.
• Demonstrable ownership of an information security risk register, including risk articulation, assessment, treatment tracking, and senior management reporting.
• Experience owning information security policies and standards end to end, including review, approval, exception handling, and ongoing relevance.
• Regular exposure to executive committees and board level reporting, with accountability for the quality, clarity, and narrative of content presented.
• Strong understanding of information security risk management principles and how they are applied in practice, not just defined in frameworks.
• Ability to distinguish between theoretical, perceived, and material security risk, and reflect that accurately in governance discussions and reporting.
• Confidence to challenge engineering and senior stakeholders constructively, using evidence and risk-based reasoning rather than policy citation.
• Excellent written communication skills, with the ability to translate technical security issues into clear, business focused risk narratives.
• Strong judgement and prioritisation skills, balancing regulatory expectations, security risk, and delivery realities.
• Ability to operate independently, manage multiple governance cycles in parallel, and take accountability for outcomes rather than activity.

• Experience supporting regulatory interactions, supervisory reviews, or significant audit activity in a regulated environment.
• Professional certifications in information security, risk, or governance.
• Experience working in organisations undergoing rapid growth, technology change, or increasing regulatory scrutiny.
• Familiarity with modern, cloud-based technology environments and contemporary software delivery practices from a governance perspective.
• Experience improving or evolving governance, risk, or reporting models rather than simply operating established processes.

• Share Options - We offer a Company…