Head of IT and Information Security

9fin

IT
Belfast, UK
Posted on Sep 13, 2024

Debt is the world's largest asset class, and it operates with the worst technology: trillions of dollars of trades are placed over the phone, news is slow, and information is scattered.

Our mission is to change this. 9fin's proprietary technology delivers fast and comprehensive news, data, and analysis on all aspects of corporate debt, from company financials through to credit analysis, legal documentation and ESG.

We enable our clients to make faster and better-informed decisions, helping them win more business and save time. Our fast-growing list of clients includes 9 of the top 10 investment banks, as well as leading asset managers, hedge funds and law firms.

The role

At 9fin, we're establishing an entirely new IT and information security department. As the Head of IT and Information Security, you will be the core owner of this initiative. Developing the function quickly and ensuring business continuity will be critical. You’ll be the architect of both the team and the strategy, steering 9fin in the right direction early, using your expertise and foresight, balanced against our company stage. You will set up clear policies and procedures across information security, compliance and audit processes, ensuring we have strong day-to-day processes that are appropriate for our size and risks, yet prepared for our ambitions. You’ll need to be able to translate important requirements into real-world applications for the business, building a culture at 9fin that values and understands IT and information security requirements.

9fin really values individuals who take ownership of their own and their team's work, and are willing to push the envelope on what we can achieve, not simply relying on what others have done historically.

This role reports to the Director of Corporate Operations and involves close collaboration across the business, including with our co-founder and CTO.

Please note that 9fin has a separate Platform Engineering team, which supports our large team of software engineers with application infrastructure.

What you’ll work on

Every day is different, but here’s an example of the kind of things you’ll work on:

  • IT Team
    • Build a lean IT and information security function at 9fin, appropriate for our size, and robust enough for the long haul;
    • Manage, and ultimately improve, 9fin’s hybrid IT estate utilising Google Workspace, understanding that we have a remote / hybrid workforce across three offices;
    • Proactively help us as we scale - implementing best practices at the right time;
    • Build and manage the IT helpdesk and service desk functions for smooth and efficient resolution of day-to-day IT issues;
    • Implement and manage device management systems (e.g., JumpCloud MDM), and endpoint protection solutions;
    • Manage physical IT assets (computers, etc.), including working with our providers;
    • Manage and improve SSO/SAML deployment processes;
    • Own subscription provisioning across the business, including SSO/SAML connections to internal SaaS systems or tools;
    • Oversee patch management (via JC) and endpoint security;
  • Commercial Enablement
    • Assist with client onboarding - including with due diligence questionnaires, and communicating directly with clients to ensure they are comfortable with our information processing, enterprise security systems, use of AI and LLMs, etc., including Vanta;
    • Conduct security evaluations of third-party vendors and service providers, advising on and planning application security initiatives;
    • Work with our product development team to ensure our clients are confident in our security and confidentiality controls;
  • Information Security Strategy
    • You’ll design a comprehensive information security strategy roadmap and determine what we can achieve and when - enabling your team to move at pace;
    • Develop, implement and maintain all information security policies, guidelines, documentation, and processes;
    • Build buy-in with all 9finners that IT, Information Security and Compliance are a shared responsibility that is important to the long-term success of 9fin;
  • Risk Management
    • Implement and oversee long-term compliance with information security accreditation requirements (SOC2 and ISO27001);
    • Take responsibility for identifying and defending against threats (seeing around corners), managing risks, and ensuring we are using the latest technology for ongoing departmental improvements;
    • Increase cyber resilience and awareness across the organisation to establish clear security controls and robust operational procedures that provide value for money whilst minimising risks;
  • Compliance and Audit
    • Ensure compliance with relevant laws, regulations, and certification standards (e.g., GDPR, UK GDPR);
    • Oversee penetration testing, vulnerability scans, incident responses, data loss prevention, phishing tests, and system audits;
    • Rapidly implement corrective actions and strategies based on audit findings;
    • Lead Subject Access Request responses, including technical audits of internal systems to ensure compliance with legal requirements;
    • Stay up to date on the latest security trends, technologies, and standard updates;
  • Incident Response
    • Lead the incident response process for security breaches and coordinate the process with all relevant stakeholders;
    • Develop and maintain an incident response plan, as well as a repository of past incidents to ensure learnings are brought forward;
    • Coordinate with relevant teams to investigate and respond to security incidents;