Head of Operational Risk & Information Security (UK) (m/f/d)
Pliant
ABOUT US
Pliant is a European fintech specializing in B2B payment solutions. Our modular, API-first platform helps businesses streamline spending, improve cash flow, and integrate payments into their financial workflows. Designed for industries with complex payment needs, such as travel and fleet, Pliant enables greater efficiency, control, and profitability.
We serve two primary customer segments:
- Companies looking to optimize operational processes through intuitive apps and APIs, gaining control, automation, and financial flexibility through extended credit lines.
- Businesses such as financial software platforms, ERP providers, and banks that want to launch or enhance their credit card offerings using Pliant’s embedded finance and white-label solutions.
Founded in 2020 and headquartered in Berlin, Pliant supports over 4,000 businesses and more than 20 partners globally. As a licensed e-money institution (EMI), we issue Visa-powered credit cards in 11 currencies across more than 30 countries, helping companies streamline and simplify payments.
Learn more at www.getpliant.com
ABOUT THE ROLE
The Head of Operational Risk & Information Security, based at Pliant Payments Ltd, the Group’s UK entity applying for an Electronic Money Institution (EMI) licence, is responsible for establishing, maintaining, and continuously strengthening Pliant’s Operational Risk, ICT Risk, and Information Security frameworks in line with FCA, PRA, and UK regulatory expectations.
The role ensures compliance with relevant UK and international standards, including FCA SYSC requirements, Operational Resilience rules, UK GDPR, ISO 27001, SOC 2, and PCI DSS.
While part of the Second Line of Defence, the role provides group-wide oversight and coordination across Pliant’s operations in the UK, Germany, and the US.
The Head is responsible for promoting a strong risk and security culture, ensuring operational resilience, and protecting the confidentiality, integrity, and availability of Pliant’s systems and data. The role also acts as the primary UK contact for regulators, auditors, and partners on operational risk and information security matters.
WHAT YOU’LL DO
1. Governance, Framework & Leadership
- Lead the development and continuous enhancement of Pliant’s Operational Risk and Information Security Frameworks in line with FCA, PRA, and UK EMI expectations.
- Maintain governance, control, and reporting structures that meet SYSC 13A, Operational Resilience, and Risk Management requirements.
- Act as the Second Line of Defence lead, providing independent oversight, challenge, and assurance across all Pliant entities.
- Partner with Engineering, Compliance, and Operations teams to embed security by design into all products and processes.
- Advise senior management, the UK Board, and Group Risk Committee on risk trends, resilience, and information security posture.
2. Risk Oversight & Incident Management
- Own and maintain the enterprise-wide incident management framework, covering ICT and non-ICT incidents.
- Ensure consistent incident classification, escalation, root cause analysis, and reporting in line with FCA/PRA operational incident and major incident requirements.
- Lead post-incident reviews and ensure lessons learned are documented and integrated into ongoing risk management processes.
- Oversee compliance with UK incident notification obligations.
3. Information Security Governance
- Maintain and improve Pliant’s Information Security Management System (ISMS) in accordance with ISO 27001, SOC 2, and PCI DSS.
- Develop, implement, and enforce security policies and standards aligned with NCSC guidance and ICO data protection expectations.
- Oversee cyber incident detection, response, and recovery in coordination with the Group Technology team.
- Ensure business continuity and disaster recovery plans are regularly tested and compliant with FCA and PRA operational resilience principles.
4. Business Continuity & Operational Resilience
- Coordinate Business Continuity Management (BCM) and Operational Resilience across the UK entity and the wider group.
- Conduct and maintain Business Impact Analyses (BIAs) and ensure Important Business Services (IBS) have tested impact tolerances.
- Oversee alignment of technical recovery objectives (RTOs/RPOs) with regulatory and business requirements.
- Collaborate with IT and Operations to ensure continuity arrangements remain fit for purpose and demonstrably resilient.
5. Third-Party & Outsourcing Risk
- Oversee the outsourcing and third-party risk management framework in compliance with FCA/PRA outsourcing rules and the EBA Outsourcing Guidelines.
- Conduct due diligence and ongoing monitoring of critical third parties and cloud providers.
- Ensure supplier contracts include clear provisions for risk management, data protection, and security obligations.
- Liaise with the Group Legal and Compliance teams to ensure consistent governance of material outsourcing arrangements.
6. Regulatory Engagement & Assurance
- Serve as the primary point of contact for the FCA on operational risk, ICT risk, and information security matters.
- Represent Pliant Payments Ltd and the Group in regulatory reviews, audits, and assurance activities.
- Support audit readiness for FCA, ISO 27001, SOC 2, PCI DSS, and other relevant frameworks.
- Track audit findings, ensuring timely remediation and effective follow-up.
7. Training & Awareness
- Foster a strong risk and security culture throughout the organisation.
- Design and deliver regular training on cybersecurity, incident reporting, risk management, and operational resilience.
- Encourage continuous improvement, open communication, and proactive identification of risks.
WHAT YOU’LL BRING
- Bachelor’s or Master’s degree in Information Security, Risk Management, Computer Science, or a related field.
- 5+ years of experience in operational risk, ICT risk, or information security management within financial services, fintech, or EMI environments.
- In-depth understanding of FCA and PRA operational resilience, UK GDPR, and information security expectations.
- Proven experience implementing or managing ISO 27001, SOC 2, and PCI DSS frameworks.
- Strong leadership and stakeholder management skills, with experience managing a small risk/security team.
- Excellent written and verbal communication skills, capable of engaging senior management, regulators, and auditors.
NICE TO HAVE
- Professional certifications such as CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor.
- Familiarity with NCSC Cyber Essentials and DORA (EU).
- Working knowledge of another European language.
WHAT WE OFFER
- The opportunity to work in a growing team with big responsibilities that thrives on a strong exchange of knowledge and excellence
- Attractive remuneration
- Flat hierarchy and transparent communication in a relaxed, professional atmosphere
- Opportunity to develop your talent in a dynamic team with ambitious goals
- Flexibility and possibility to work remotely
- Company card with a monthly allowance for lunches, coffee, etc. with co-workers
At Pliant, we believe diversity and inclusion are essential to building not only an innovative product but also an exceptional experience for both our customers and our team. This commitment begins with our hiring process—we welcome individuals of all racial and ethnic backgrounds, religions, national origins, gender identities or expressions, sexual orientations, ages, marital statuses, and abilities. If you require accommodations or accessibility support during the interview process, please let us know in your application so we can make sure your experience is seamless.