Information Security Manager - Navro

London - UK / IT / Navro - Pioneering the Future of Payments

Architecting Trust: Information Security Manager
This isn't just another Information Security role. No legacy systems. No corporate red tape. No coasting. This is about building something from the ground up. Fast.

You won't have layers of approval slowing you down. You will have the freedom to make real, impactful decisions from day one. This isn't a passenger role. We're bringing you in for your expertise and your relentless drive. You will be responsible for understanding our information assets, identifying emerging threats, and implementing robust security measures that protect Navro and our clients.

Who We Are

We are transforming payments for global platforms and e-commerce businesses. As the world's first payments curation platform, we simplify cross-border transactions by uniting best-in-class infrastructure into a seamless ecosystem, enabling businesses to scale and operate effortlessly across borders. Cross-border workforce payments are slow, expensive, and outdated. We can't be. Businesses rely on us to pay their people accurately and on time - contractors, freelancers, and employees across the globe. When we say we'll deliver, failure isn't an option. If we don't do what we said we would, people don't get paid - not just a transaction delayed, but real workers left without wages. That means a developer in Argentina missing their paycheck, a freelancer in the Philippines unable to pay rent, or a contractor in Poland unable to get to work. No excuses. No passengers. No tolerance for politics or mediocrity.

Requirements What This Role Demands:

• You Own It - You're responsible and proactive, you take the lead and make things happen.
• You Ask Questions - You don't just gather requirements; you challenge assumptions, to make us better. Why this control, why not another way?
• You Fix What's Broken - No waiting for permission. If it's clunky or output is inconsistent, you dive in, solve, and fix it.
• You're Hands On - One hour you're leading on an external audit, the next assessing a critical vendor's security posture, the next you're deep in the vulnerability rating details with DevOps.
• You Thrive in Chaos - Startups are messy. Deadlines change, priorities shift, and ambiguity is constant. You bring clarity to define workable security policies and procedures.
• You Handle the Pressure - Fast-paced. High stakes. You balance multiple projects, manage tight timelines, and keep moving forward.
• You're Here for the Journey - This is career defining. It's hard, rewarding, and not for the faint hearted. If you're ready to grow alongside Navro, let's build something amazing together.

What You'll Be Doing:

Day-to-day responsibility for security GRC, help build version 2.0 of Navro's Information Security Management System. Ensure compliance to international standards and regional regulatory requirements.
Own security GRC automation tooling (Vanta) and work across the business to maintain security compliance posture.
Successfully lead internal and external security audits - ISO 27001 / SOC2 Type II / PCI DSS.
Champion a company wide culture of security awareness and operational resilience by playing a key role in defining, maintaining, and managing security incident response and threat intelligence procedures.
Lead, curate, and report on Navro's on going and persistent security awareness programme including frequent phishing testing campaigns, secure development, etc.
Work with IT, SRE, and other key stakeholders on implementing and maintaining security policies and standards including disaster recovery and business continuity testing.
Work with Sales and Operations on business critical procedures for onboarding/offboarding clients and vendors. Act as primary contact for security due diligence and assessments.
Project manage initiatives with product and engineering teams to embed "security by design" into products, services, and processes.
Help make Navro's security posture a value proposition - develop a Trust Centre to easily present and provide security information. Work with Marketing to position excellent posture, certifications, and regulatory compliance as a product differentiator.

What We're Looking For:

• GRC Experience - You're the go to person for security governance, risk, and compliance. With a degree in a computer or security discipline and numerous years' GRC experience under your belt.
• Start up - Preferably have worked in a start up or scale up environment before where ambiguity and chaos do not faze you.
• Tool Ninja - You're familiar with various tools and systems and have hands on experience with market leading security tools including Vanta, KnowBe4, Google Workspace, Microsoft Entra, and Wiz.
• Detail Obsessed - You don't miss a thing. Your attention to detail and decision making capabilities are top notch. You're able to horizon scan and research effectively to find the missing details.
• ISO 27001 et al - You have built and maintained an ISO 27001 certified ISMS before and led other important security audit assessments (SOC2, PCI, etc.). You may have also gained ISO 27001 Lead Auditor or alike certifications (a plus).
• Collaborator Extraordinaire - Strong communications skills with the ability to explain technical and security concepts, risks, controls in business terms.
• Regulation Machine - You have knowledge of payments and various related regulatory environments including FCA, EMI, DORA, PSD2 (a plus).

You may not possess every single required skill listed, and that's perfectly fine. If you have most of them, along with grit, passion, a desire to learn quickly, and the willingness to get stuck in, we encourage you to apply.

Why Navro?

Lead and Shape the Future: This is your chance to build and grow a market from zero to one.
Make Real Impact: Your decisions will directly shape Navro's growth journey.
Innovative Environment: Be at the forefront of Fintech innovation and payments disruption.
Career Defining Role: This isn't just another job. It's a legacy.
Ready to Build Something Big?
This is your chance to leave your mark. If you're ready to lead, build, and grow with the intensity that only startups offer, we want to hear from you.

Benefits

As part of this role you will receive the following:
You will enjoy 26 days of annual leave (excluding Bank holidays)
Volunteering & Compassionate leaves
Maternity and Paternity leaves
Private Healthcare
Company Options Scheme
Team socials
Comprehensive, interactive & engaging Training - Leadership, Communication and Presentation Skills, Behavioural Profiling, Conflict Management, etc
Career frameworks
Flexibility surrounding other commitments; within your team we will work around child care or other appointments you have. We just ask for advance notice!
For those London Based 2-3 days per week in office
Working in a diverse and inclusive environment where we ensure that our people thrive

Navro does not accept unsolicited resumes from search firms/recruiters. Navro will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s). Search firms/recruiters submitting resumes on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

Questions? Want to schedule a demo? Reach out to a member of our team.

Navro Group Limited is a company registered in England and Wales with registration number and registered office at 3rd Floor, 86-90 Paul Street, London, United Kingdom, EC2A 4NE. Navro Payments Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011, with Firm Reference number 982631 for the issuing of electronic money. Navro Payments Europe Ltd. is a company registered in The Republic of Ireland with registration number 726727 and registered office at Block A George's Quay Plaza, George's Quay, Dublin 2 and authorised by the Central Bank of Ireland under the Electronic Money Regulations 2011, with Firm Reference number C504018 for the issuing of electronic money.