Head of Operational Risk & Information Security at Pliant, managing compliance and risk frameworks. Overseeing information security across UK, Germany, and US operations in a fintech environment.
Responsibilities
Lead the development and continuous enhancement of Pliant’s Operational Risk and Information Security Frameworks in line with FCA, PRA, and UK EMI expectations
Maintain governance, control, and reporting structures that meet SYSC 13A, Operational Resilience, and Risk Management requirements
Act as the 2nd Line of Defence lead, providing independent oversight, challenge, and assurance across all Pliant entities
Partner with Engineering, Compliance, and Operations teams to embed security by design into all products and processes
Advise senior management, the UK Board, and Group Risk Committee on risk trends, resilience, and information security posture
Own and maintain the enterprise-wide incident management framework, covering ICT and non-ICT incidents
Ensure consistent incident classification, escalation, root cause analysis, and reporting in line with FCA/PRA operational incident and major incident requirements
Lead post-incident reviews and ensure lessons learned are documented and integrated into ongoing risk management processes
Oversee compliance with UK incident notification obligations
Maintain and improve Pliant’s Information Security Management System (ISMS) in accordance with ISO 27001, SOC 2, and PCI DSS
Develop, implement, and enforce security policies and standards aligned with NCSC guidance and ICO data protection expectations
Oversee cyber incident detection, response, and recovery in coordination with the Group Technology team
Ensure business continuity and disaster recovery plans are regularly tested and compliant with FCA and PRA operational resilience principles
Coordinate Business Continuity Management (BCM) and Operational Resilience across the UK entity and the wider group
Conduct and maintain Business Impact Analyses (BIAs) and ensure Important Business Services (IBS) have tested impact tolerances
Oversee alignment of technical recovery objectives (RTOs/RPOs) with regulatory and business requirements
Collaborate with IT and Operations to ensure continuity arrangements remain fit for purpose and demonstrably resilient
Oversee the outsourcing and third-party risk management framework in compliance with FCA/PRA outsourcing rules and the EBA Outsourcing Guidelines
Conduct due diligence and ongoing monitoring of critical third parties and cloud providers
Ensure supplier contracts include clear provisions for risk management, data protection, and security obligations
Liaise with the Group Legal and Compliance teams to ensure consistent governance of material outsourcing arrangements
Serve as the primary point of contact for the FCA on operational risk, ICT risk, and information security matters
Represent Pliant Payments Ltd and the Group in regulatory reviews, audits, and assurance activities
Support audit readiness for FCA, ISO 27001, SOC 2, PCI DSS, and other relevant frameworks
Track audit findings, ensuring timely remediation and effective follow-up
Foster a strong risk and security culture throughout the organisation
Design and deliver regular training on cybersecurity, incident reporting, risk management, and operational resilience
Encourage continuous improvement, open communication, and proactive identification of risks
Requirements
Bachelor’s or Master’s degree in Information Security, Risk Management, Computer Science, or a related field
5+ years of experience in operational risk, ICT risk, or information security management within financial services, fintech, or EMI environments
In-depth understanding of FCA and PRA operational resilience, UK GDPR, and information security expectations
Proven experience implementing or managing ISO 27001, SOC 2, and PCI DSS frameworks
Strong leadership and stakeholder management skills, with experience managing a small risk/security team
Excellent written and verbal communication skills, capable of engaging senior management, regulators, and auditors.
Benefits
The opportunity to work in a growing team with big responsibilities that thrives on a strong exchange of knowledge and excellence
Attractive remuneration
Flat hierarchy and transparent communication in a relaxed, professional atmosphere
Opportunity to develop your talent in a dynamic team with ambitious goals
Flexibility and possibility to work remotely
Company card with a monthly allowance for lunches, coffee, etc. with co-workers
Administrative Business Partner supporting leaders within Security function at Palantir Technologies. Managing diverse responsibilities to enhance productivity and support leadership teams.
Administrative Business Partner supporting leadership within Palantir’s Security function. Providing comprehensive administrative support while handling confidential matters in a fast-paced environment.
Providing security consultancy to technical and business stakeholders at Trendyol Tech. Driving improvements in security practices while assessing new projects and establishing security standards.
Entra ID Security Specialist developing identity and access management solutions focused on Microsoft Entra ID at cyberunity AG. Responsible for strategic development and compliance in security architecture.
Red Team Security Engineer at Xcel Energy performing authorized testing to expose security weaknesses. Collaborating with internal teams and external vendors for effective security technology implementation.
Manager I overseeing Cyber Security engineering functions at NFCU. Leading and supporting the Cybersecurity Technology Engineering team in implementing security protocols.
Security Officer responsible for maintaining safety and security at Hilton in Harrisburg, PA. Conducting patrols, responding to emergencies, and supervising housekeeping staff.
Information Security Engineer managing incident detection and response for Safe-Guard Products. Involves vulnerability management, data protection, and security engineering activities.
Work Student, Product Security at TeamViewer supporting security initiatives for product safety. Opportunity to gain hands-on experience in an international environment with a focus on cybersecurity.
Cyber Security Detection Engineer focusing on threat detection capabilities and security telemetry within complex environments. Collaborating across Security Operations, Cloud Engineering, and Compliance disciplines.