Debt is the world's largest asset class, and it operates with the worst technology: trillions of dollars of trades are placed over the phone, news is slow, and information is scattered.

Our mission is to change this. 9fin's proprietary technology delivers fast and comprehensive news, data, and analysis on all aspects of corporate debt, from company financials through to credit analysis, legal documentation and ESG.

We enable our clients to make faster and better-informed decisions, helping them win more business and save time. Our fast-growing list of clients include 9 of the top 10 investment banks, as well as leading asset managers, hedge funds and law firms.

At 9fin, we're establishing an entirely new IT and information security department. As the Head of IT and Information Security, you will be the core owner of this initiative. Developing the function quickly and ensuring business continuity will be critical. You’ll be tasked with both being the architect of the team, but also the strategy - steering 9fin in the right direction early, using your expertise and foresight, balanced against our company stage. You will set up clear policies and procedures across information security, compliance and audit processes - ensuring we have strong day-to-day processes that are appropriate for our size and risks, yet prepared for our ambitions. You’ll need to be able to translate important requirements into real-world applications for the business, building a culture at 9fin that values and understands IT and information security requirements.

9fin really values individuals that take ownership for their and their team's work, and are willing to push the envelope on what we can achieve, not simply relying on what others have done historically.

This role reports to the Director of Corporate Operations and involves close collaboration across the business, including with our co-founder and CTO. 

Please note that 9fin has a separate Platform Engineering team, which supports our large team of software engineers with application infrastructure.

Every day is different, but here’s an example of the kind of things you’ll work on:

• IT Team
• Build a lean IT and information security function at 9fin, appropriate for our size, and robust enough for the long haul;
• Manage, and ultimately improve, 9fin’s hybrid IT estate utilising Google Workspace understand we have a remote / hybrid workforce across three offices;
• Proactively help us as we scale - implementing best practices at the right time;
• Build and manage the IT helpdesk and service desk functions for smooth and efficient resolution of day-to-day IT issues;
• Implement and manage device management systems (e.g., JumpCloud MDM), and endpoint protection solutions;
• Manage physical IT assets (computers, etc.), including working with our providers;
• Manage and improve SSO/SAML deployment processes;
• Own subscription provisioning across the business, including SSO/SAML connections to internal SaaS systems or tools;
• Oversee patch management (via JC) and endpoint security;
• Commercial Enablement
• Assist with client onboarding - including with due diligence questionnaires, and communicating directly with clients to ensure they are comfortable with our information processing, enterprise security systems, use of AI and LLMs, etc., including Vanta;
• Conduct security evaluations of third-party vendors and service providers, advising on and planning application security initiatives;
• Work with our product development team to ensure our clients are confident in our security and confidentiality controls;
• Information Security Strategy
• You’ll design a comprehensive information security strategy roadmap and determine what we can achieve and when - enabling your team to move at pace;
• Develop, implement and maintain all information security policies, guidelines, documentation, and processes;
• Build buy-in with all 9finner’s that IT, Information Security and Compliance is a shared responsibility, that is important to the long-term success of 9fin;
• Risk Management
• Implement and oversee long term compliance with information security accreditation requirements SOC2 and ISO27001;
• Take responsibility for identifying and defending against threats (seeing around corners), managing risks, and ensuring we are using the latest technology for ongoing departmental improvements;
• Increase cyber resilience and awareness across the organisation to establish clear security controls and robust operational procedures that provide value for money whilst minimising risks;
• Compliance and Audit
• Ensure compliance with relevant laws, regulations, and certification standards (e.g., GDPR, UK GDPR);
• Oversee penetration testing, vulnerability scans, incident responses, data loss prevention, phishing tests, and system audits; 
• Rapidly implement corrective actions and strategies based on audit findings;
• Lead Subject Access Requests responses, including technical audit of internal systems to ensure compliance with legal requirements;
• Stay up to date on the latest security trends, technologies, and standard updates;
• Incident Response
• Lead the incident response process for security breaches and coordinate the process with all relevant stakeholders;
• Develop and maintain an incident response plan, as well as a repository of past incidents to ensure learnings are brought forward;
• Coordinate with relevant teams to investigate and respond to security incidents;

Requirements

If you are a talented IT and Enterprise Security leader who has significant prior experience with the work listed above, has a hands-on approach, and is prepared to lead a fast-paced team in a dynamic company, we’d love to hear from you. 

You’ll also likely have: 

• Independent mindset: Ability and willingness to fully own the IT and enterprise security function at 9fin, with little guidance required;
• Senior stakeholder relationships: Ability to build strong communication channels with senior stakeholders based in different locations and time zones in order to ensure alignment across the business;
• Ready to push your boundaries: Desire to work at pace to ensure projects are implemented both well and fast, you will work on some critical projects for our scaling ambitions;
• Willingness to challenge the status quo: You see how things could be done better, and you aren’t afraid to speak up; 
• Commercial and pragmatic mindset: You understand what scaling a business means, and take a pragmatic view to what must be done now, and what can be done later; and
• Growth mindset: You believe that your team members and colleagues most basic abilities can be developed through dedication and hard work — brains and talent are just the starting point.

Benefits

We’re a scaling start up and we enjoy sharing our success, when the company succeeds, we always reinvest that in our people. We also offer huge amounts of responsibility, an abundance of opportunity for growth and a platform to truly excel.

Financial & Insurance

• Competitive Salary(our salary bands are benchmarked at the top end of the market)
• Equity options
• Pension (your minimum contributions are 4% with 9fin matching up to 7%)
• Private Medical Insurance
• Paid sick leave with Income Protection for long periods of illness
• Group Life Assurance
• Season Ticket Loan & Cycle to Work schemes

Time off

• 25 holiday days per year
• Local public holidays (with the ability to exchange them for alternative days)
• Hybrid working model, to allow you the flexibility to decide how, where and when you do your best work
• Work abroad for up to 3 months a year
• 1 month paid sabbatical after 5 years of service
• Enhanced parental leave & flexible working arrangements available

Training & Culture

• Professional learning and development budget
• Quarterly team socials
• Summer and Winter company social events

Don’t meet every single requirement? At 9fin we are dedicated to building and promoting a fair and inclusive workplace where everyone can flourish, reach their full potential and truly belong. We recognise diverse teams allow a more creative and productive environment. So, if you’re excited about this role but your experience doesn’t perfectly align with the job description, we encourage you to apply anyway. You might just be who we’re looking for - for this role, or perhaps another.