Head of Information Security

About Us

Hawk is the leading provider of AI-supported anti-money laundering and fraud detection technology. Banks and payment providers globally are using Hawk’s powerful combination of traditional rules and explainable AI to improve the effectiveness of their AML compliance and fraud prevention by identifying more crime while maximizing efficiency by reducing false positives. With our solution, we are playing a vital role in the global fight against Money Laundering, Fraud, or the financing of terrorism. We offer a culture of mutual trust, support and passion – while providing individuals with opportunities to grow professionally and make a difference in the world.

Your Mission:

As the Head of Information Security, you will be responsible for building and leading Hawk's information security program. You will develop and execute a comprehensive security strategy, manage a team of security professionals, and ensure the protection of Hawk's information assets across all systems that we operate for our clients from the financial sector as well as in general our parent company in Germany and our affiliates and subsidiaries in USA, UK and Singapore. This leadership role requires a strong technical background, strategic thinking, and the ability to effectively communicate security concepts to both technical and non-technical audiences.

Your Responsibilities:

1. Provide leadership and direction to the InfoSec team, fostering a culture of collaboration, innovation, and continuous improvement.
2. Develop, implement, and maintain the organization’s information security strategy, policies, and procedures, aligning them with business objectives and risk tolerance.
3. Oversee the maintenance and expansion of existing security certifications (ISO 27001, SOC 2) and drive initiatives for future certifications (e.g., ISO 22301, DORA).
4. Direct regular security audits, risk assessments, and vulnerability analyses, ensuring that findings are addressed effectively and efficiently.
5. Lead security incident response efforts, including complex investigations and remediation, and develop robust incident response plans and playbooks.
6. Ensure compliance with relevant industry standards, regulations, and legal requirements, proactively adapting to changes in the regulatory landscape.
7. Establish and maintain security awareness training programs, promoting a strong security culture across the organization.
8. Oversee the design, implementation, and management of security systems and technologies, ensuring their effectiveness and integration.
9. Collaborate with Engineering, Product, and other departments to integrate security into the software development lifecycle (SDLC) and business processes.
10. Stay abreast of the latest security threats, technologies, and industry trends, evaluating their potential impact on Hawk and driving innovation in security practices.
11. Manage relationships with external security vendors and service providers, ensuring they meet Hawk's security requirements and contribute to the overall security posture.
12. Provide security expertise and support to the sales process, effectively communicating Hawk's security posture to (potential) clients and addressing their security concerns.

Your Profile:

1. Bachelor's or Master's degree in Information Security, Computer Science, or a related field.
2. A minimum of 9 years of experience in information security, with demonstrated leadership experience. Work experience with a regulated financial institution, or as a technical service provider in the financial sector is a plus.
3. Strong technical background with in-depth knowledge of security architecture, technologies, best practices and IT-regulations that apply to financial institutions or its outsourcing partners.
4. In-depth knowledge of relevant regulatory requirements and industry standards (ISO 27001, SOC 2, GDPR, DORA, etc.).
5. Experience with cloud security (AWS, Google etc.), application security, and DevSecOps practices is a significant plus.
6. Proven experience in developing and implementing security strategies and programs.
7. Extensive experience with risk management, security audits, and vulnerability management.
8. Excellent leadership, communication, and interpersonal skills, with the ability to influence and collaborate across all levels of the organization.
9. Strong analytical, problem-solving, and decision-making skills.
10. Relevant certifications such as CISSP, CISM, or equivalent are highly desirable.