Head of Information Security (m/f/d)
1 = fulltime - unlimited
At Infront, we are committed to fostering an inclusive workplace, recognizing our diverse team as one of our most valuable assets.
For 25 years, Infront has been empowering financial market experts to make faster, smarter, compliant decisions. Over time, we have expanded our foundation by bringing together companies with more than 75 years of combined market experience and trust. All these years on, we're still building. Opening our new Madrid office this summer marks an exciting next chapter, and we're growing our team in order to write it.
Our strength lies in market data, delivering reliable, accurate information through a powerful suite of tools, spanning Data Intelligence, Wealth Management solutions, and Trading & Investor solutions, that our users depend on every day. Today, we are one of Europe’s leading providers of market data and financial software, helping professionals navigate markets with confidence and speed.
We are looking for an ambitious, hands-on Head of Information Security to lead the next stage of Infront's cyber security journey.
This is an opportunity to build and mature an enterprise information security capability within a growing international financial technology business. Working closely with Executive Management, Technology and Product leadership, you will define security strategy, establish governance, strengthen technical security capabilities and embed security across the organisation.
This is not a role for someone looking to inherit a large security team. You will lead a small central security function and work directly with engineering teams, business stakeholders and external partners to deliver practical improvements. The role is ideally suited to an experienced Head of Information Security, Senior Cyber Security Manager or similar leader looking to take the next step towards a CISO-level role. This role is the organisation's senior Information Security leadership position and may be designated as the CISO for regulatory, customer and external assurance purposes.
Responsibilities
-
Lead the development and delivery of Infront's Information Security strategy, operating model and security roadmap.
-
Act as the senior Information Security adviser to Executive Management and key business stakeholders.
-
Build and mature security governance, policies, standards and security metrics across the organisation.
-
Partner with Engineering and Product teams to embed security by design and secure software development practices.
-
Improve security capabilities across cloud security, identity and access management, vulnerability management, endpoint security, monitoring and incident response.
-
Lead Information Security risk management in partnership with the Enterprise Risk function.
-
Establish effective security architecture and secure design governance for new technology and products.
-
Lead ISO 27001 implementation and ongoing maintenance of the Information Security Management System.
-
Support compliance with DORA, NIS2, the Cyber Resilience Act and other applicable regulatory requirements.
-
Lead security incident response and ensure lessons learned are translated into measurable improvements.
-
Manage penetration testing, security assessments, audits and remediation programmes.
-
Support customer security due diligence, audits and assurance activities.
-
Develop and deliver security awareness and education programmes across the business.
-
Lead and develop a small Information Security team while coordinating the work of specialist security partners and suppliers.
-
Provide regular reporting on security posture, key risks and improvement activities to senior management.
Requirements
-
At least six years' experience in Information Security or Cyber Security.
-
Experience leading or significantly maturing an Information Security function or security programme.
-
Experience implementing and maintaining ISO 27001.
-
Experience supporting DORA, NIS2 or comparable regulatory or operational resilience requirements.
-
Strong understanding of cloud security, identity and access management, vulnerability management, endpoint security and application security.
-
Experience working closely with software engineering and technology teams.
-
Strong understanding of Information Security risk management and security governance.
-
Experience managing security incidents, audits and penetration testing programmes.
-
Excellent communication and stakeholder management skills, including the ability to influence at Executive level.
-
Fluent written and spoken English.
Nice to have experience with
-
Experience within financial technology, software or financial services.
-
Experience with Microsoft Azure and Microsoft security technologies.
-
Knowledge of the NIST Cybersecurity Framework and the Cyber Resilience Act.
-
Experience supporting customer security due diligence and client audits.
-
CISSP, CISM, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor or equivalent professional certification.
Our offer
Health & wellness: Benefit from wellbeing initiatives tailored to local needs, including access to an employee assistance programme that provides confidential support to employees and their families.
Holiday: Enjoy competitive holiday entitlement aligned with local markets, so you can rest and recharge.
Remote work: Enjoy the opportunity to work two days a week from home, with flexible working hours where possible. You may also request to work up to four weeks per year from a different location.
Learning & development: Support your career progression with access to learning resources, ongoing conversations with your manager, and opportunities to share the knowledge you gain with your team.
Culture & impact: Be part of an international team with a startup mindset and play a key role in making a meaningful impact.
Our offices: Work from Europe’s leading financial centres and be at the heart of where finance happens.
Additional notes
All candidates selected for employment are subject to Pre-Employment Screening. This process includes professional reference and background checks conducted by our third-party partner, ZINC. These screenings are part of our commitment to ensuring a secure, compliant, and trustworthy workplace.
This position will be based in our new office in Madrid; however, we also welcome applications from candidates located in London or Oslo who have the legal right to work in their respective location.
We kindly ask that you submit your CV in English.
Spain, Madrid
Infront ASA (NOR)
English (3- Business fluent)
Larios Romo
Miriam