Cyber Security Lead

Location: London, UK (Hybrid: 2 days per week in the office)
Company: Navro – Pioneering the Future of Payments

This isn’t just another Information Security role. No legacy systems. No corporate red tape. No coasting. This is about building something from the ground up. Fast.

We’re Navro, a rapidly scaling B2B payments startup, and we’re looking for a bold, proactive, and hands-on Cybersecurity Lead to design, implement, and operate our security operations function, including SIEM, incident response, threat detection, secure by design, shift-left security engineering, and automated monitoring and response. You’ll run and be part of the projects that implement, build, and maintain security integrations across our tech stack, establish incident response playbooks, and lead day‑to‑day SOC operations that protect our platform and customers.

You won’t have layers of approval slowing you down. You will have the freedom to make real, impactful decisions from day one. This isn’t a passenger role. We’re bringing you in for your expertise and your relentless drive. You will be responsible for understanding our information assets, identifying emerging threats, and implementing robust security measures that protect Navro and our clients.

We are transforming payments for global platforms and e-commerce businesses. As the world’s first payments curation platform, we simplify cross-border transactions by uniting best-in-class infrastructure into a seamless ecosystem, enabling businesses to scale and operate effortlessly across borders. Cross-border workforce payments are slow, expensive, and outdated. We can’t be. Businesses rely on us to pay their people accurately and on time - contractors, freelancers, and employees across the globe. When we say we’ll deliver, failure isn’t an option. If we don’t do what we said we would, people don’t get paid - not just a transaction delayed, but real workers left without wages. That means a developer in Argentina missing their paycheck, a freelancer in the Philippines unable to pay rent, or a contractor in Poland unable to get to work. No excuses. No passengers. No tolerance for politics or mediocrity.

⚡ You Own It – You lead our detection and response mission. You help define the roadmap, build the pipelines, and drive measurable outcomes across threat visibility, MTTD/MTTR, and resilience.

⚡ You Ask Questions – You challenge assumptions to improve signal‑to‑noise, coverage, and automation. Why this alert? Where’s the data gap? How do we shift‑left to prevent recurrence?

⚡ You Fix What’s Broken – If telemetry is missing or playbooks stall, you instrument, tune, and automate. You remove toil and reduce manual triage with engineering, not heroics.

⚡ You’re Hands‑On – One hour you’re shipping a new Sentinel analytic rule, the next you’re leading a live incident bridge, then refining a post‑incident problem record and control improvements.

⚡ You Thrive in Chaos – Startups are messy. You bring clarity with crisp runbooks, decision trees, and SLAs that keep operations calm when things get loud.

⚡ You Handle the Pressure – High stakes, time‑sensitive incidents, vendor escalations. You prioritise ruthlessly, communicate precisely, and keep teams aligned.

⚡ You’re Here for the Journey – This is a career‑defining role. You will build capability, mentor others, and leave a legacy of a high‑performing SOC built on automation, quality data, and continuous learning.

• Own the design, implementation, and operation of our SIEM and SOC capability with Microsoft Sentinel, including data ingestion, workspace architecture, analytics, automation, and dashboards.
• Integrate high‑value telemetry sources (Entra, M365, Google Workspace, AWS, GCP, endpoints/EDR, network, SaaS, CI/CD, identity, and proprietary platforms) into Sentinel via native connectors, APIs, custom logs, and event hubs.
• Engineer detection content: write, test, and tune KQL analytics, scheduled rules, UEBA policies, MSTIC notebooks, watchlists, and hunting queries that map to industry frameworks (MITRE ATT&CK).
• Build incident response playbooks and SOAR automation with Logic Apps to enrich, correlate, contain, notify, and ticket, reducing MTTD/MTTR and false positives.
• Run the incident lifecycle: triage, investigation, containment, eradication, recovery, lessons learned, and problem management with crisp communications to stakeholders and customers as needed.
• Establish and lead the SOC operating model: business and non-business hours on‑call, runbooks, SLAs/OLAs, quality reviews, and where applicable, manage an MDR/MSSP partner for 24x7 coverage and surge capacity.
• Stand up threat intelligence workflows: curate intel sources, integrate TI into Sentinel, operationalise indicators, and drive threat‑informed defense and periodic purple‑team exercises.
• Partner with DevOps/SRE to enforce security controls in CI/CD, secure by design infrastructure as code, and configuration baselines; shift‑left through preventive guardrails and detection-in-depth.
• Support audits and regulators by evidencing monitoring, incident response, logging coverage, and continuous improvement; align to ISO 27001, SOC 2, PCI‑DSS, and DORA incident obligations.
• Develop the Secure Development Lifecycle with members of the team and Engineering; uplevel the wider team’s security capabilities and automate.
• Lead tabletop exercises and simulations; keep IR playbooks current for scenarios like identity compromise, malware/ransomware, email compromise, data exfiltration, insider risk, vendor breach, and cloud abuse.
• Measure what matters: publish operational metrics (alert volumes, use‑case efficacy, dwell time, containment time, critical incident trends), and drive quarterly capability maturity improvements.

⚡ Start-It-Up – Preferably have worked in a start-up or scale-up environment before where ambiguity and chaos do not faze you, you are proactive and hungry for the challenge.

⚡ Detail-Obsessed – You don’t miss a thing. Your attention to detail and decision-making capabilities are top-notch. You’re able to horizon scan and research effectively to find the missing details.

⚡ SIEM & Sentinel Expertise – Proven experience in architecting, implementing, and operating Microsoft Sentinel at scale: data connectors, KQL, analytics, UEBA, SOAR (Logic Apps), workbooks, and cost governance.

⚡ SOC Leadership – Demonstrated capability to build and run a SOC internally, including processes, on‑call, playbooks, case management, ticketing, and continuous detection engineering

⚡ Incident Response – Hands‑on leadership of security incidents across identity, endpoint, cloud, email, and SaaS; confident in live triage, scoping, containment, eradication, and stakeholder comms.

⚡ Engineering Mindset – Comfortable with APIs, scripting (PowerShell, Python), automation, infrastructure logging (Datadog), CNAPP (Wiz), and integrating tools (EDR, Email security, Storage security, WAF/CDN, IdP, MDM, etc.).

⚡ Cloud & Identity – Strong knowledge of Microsoft Entra ID, Azure, security workloads, Google Workspace, plus familiarity with AWS logging and control sets; experience with zero‑trust principles.

⚡ Compliance Savvy – Understanding of ISO 27001 controls for logging/monitoring, SOC 2 CC7, PCI‑DSS logging/IR, and DORA incident reporting; able to evidence controls and outputs.

⚡ Collaborator Extraordinaire – Strong communications skills with the ability to explain technical and security concepts, risks, controls in business terms.

You may not possess every single required skill listed, and that\'s perfectly fine. If you have most of them, along with grit, passion, a desire to learn quickly, and the willingness to get stuck in, we encourage you to apply.

• Lead and Shape the Future: This is your chance to build and grow a market from zero to one.
• Make Real Impact: Your decisions will directly shape Navro’s growth journey.
• Innovative Environment: Be at the forefront of Fintech innovation and payments disruption.
• Career-Defining Role: This isn’t just another job. It’s a legacy.

This is your chance to leave your mark. If you’re ready to lead, build, and grow with the intensity that only startups offer, we want to hear from you.

Apply now and be part of Navro’s journey to revolutionise payments with us.

As part of this role you will receive the following:

• You will enjoy 26 days of annual leave (excluding Bank holidays)
• Volunteering & Compassionate leaves
• Maternity and Paternity leaves
• Private Healthcare
• Company Options Scheme
• Team socials
• Comprehensive, interactive & engaging Training - Leadership, Communication and Presentation Skills, Behavioural Profiling, Conflict Management, etc
• Career frameworks
• Flexibility surrounding other commitments; within your team we will work around child-care or other appointments you have. We just ask for advance notice!
• For those London Based 2-3 days per week in office
• Working in a diverse and inclusive environment where we ensure that our people thrive

Navro does not accept unsolicited resumes from search firms/recruiters. Navro will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s). Search firms/recruiters submitting resumes on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.