Overview
About The Company
About Lorum
Global payments are not broken. Incentives are. Clearing has been deprioritised inside balance sheet driven institutions whose models rely on lending and interest. When liquidity takes priority over settlement, payments slow and certainty drops. The same financial institutions that distort clearing as providers are disadvantaged as users. They are forced into fragmented setups, inconsistent rails, duplicated compliance, and unpredictable timelines. Stablecoin shortcuts and treasury pooling treat symptoms at the surface, but almost no one is rebuilding the underlying infrastructure in each market.
Rebuilding clearing from the ground up
We are rebuilding clearing as its own specialist function. We act as a clearing and transaction banking partner for regulated institutions, with treasury built into the core so liquidity, settlement, and reconciliation sit in one controlled system.
Our platform unifies global and local licenses, direct central bank clearing, and domestic rails. We allow clients to open named customer accounts in every market we operate, collecting funds and paying out through a single network while retaining full ownership of their customer relationships. Market expansion becomes as simple as one correspondent relationship, not hundreds.
Why Lorum
Joining Lorum means contributing to one of the most ambitious clearing infrastructure projects in global finance. You will help shape settlement systems that perform under real regulatory standards and institutional volumes. You will build for regulated institutions that rely on precision, predictable timelines, and regulatory integrity. It is about working across currencies, markets, and supervisory frameworks to deliver reliable, final settlement.
Role
About The Role
Role purpose
This role is security-led and foundational in nature. You will establish and operate Lorum’s initial information security, risk, and compliance framework to meet regulatory, supervisory, and institutional client requirements as the business scales.
Your focus will be on putting the right security and control foundations in place - frameworks, ownership, and ways of working - rather than building a large, segmented GRC function from day one. You will help ensure that security, risk, and compliance are embedded into how products are built, how operations run, and how decisions are made.
You will act as a key point of trust for regulators, auditors, and institutional clients, ensuring Lorum can demonstrate a clear, credible, and proportionate control environment as we grow into new markets and licences.
Key Responsibilities
* Security-led foundations
  * Establish and operate Lorum’s information security and control framework, with an initial focus on pragmatic, high-impact security and technology controls.
  * Define clear ownership for risks and controls, setting the foundations for future scaling of the security and GRC function.
  * Partner with Engineering and Product to ensure security and risk industry standards are built into system design, change processes, and delivery practices.
* Risk & governance
  * Identify, assess, and monitor key technology, operational, and regulatory risks, maintaining a clear and actionable risk register.
  * Support structured, risk-informed decision-making across product development, market expansion, and operational change.
  * Help evolve governance processes that are lightweight, auditable, and appropriate for a scaling, regulated business.
* Assurance, audits & clients
  * Lead or coordinate audits and assurance activities (e.g. SOC 2, ISO 27001) with internal stakeholders and third parties.
  * Act as a key interface for regulator, auditor, and client security and due-diligence engagements.
  * Track findings and improvement actions, ensuring issues are owned and resolved pragmatically.
* Enablement & culture
  * Develop clear, usable policies and guidance that support teams rather than slow them down.
  * Promote a security-aware, ownership-driven culture across Engineering, Product, and Operations.
  * Support the long-term evolution of the function as Lorum grows and responsibilities naturally specialise.
Must-Haves
* 4+ years of experience working in regulated environments across information security, risk, compliance, or GRC-adjacent roles.
* Strong grounding in information security and technology risk, particularly in modern, cloud-native or platform-based systems.
* Hands-on experience with at least one recognised assurance or control framework (e.g. SOC 2, DORA, ISO 27001, PCI DSS, or similar).
* Experience establishing or operating security and control frameworks in a scaling or high-growth organisation.
* Comfortable working autonomously, prioritising pragmatically, and operating without heavy structure.
* Able to communicate clearly with engineers, operators, auditors, and non-technical stakeholders.
Nice-to-Haves
* Experience supporting licensing, regulatory change, or supervisory interactions in regulated financial or infrastructure environments.
* Prior exposure to payments, transaction banking, clearing, or treasury systems.
* Familiarity with third-party risk management and vendor assurance processes.
* Experience working closely with engineering teams on security-by-design rather than post-hoc review.
* Professional certifications (e.g. CISM, CISA, CRISC, CISSP, ISO Lead Implementer/Auditor), or equivalent practical experience.
* Experience joining a company early and helping shape functions that later grow into specialist teams.
Benefits
* Opportunity to travel (if applicable)
* Flexible vacation policy
* Private Healthcare
* Employee stock ownership (ESOP)
* Flexible working and autonomy
* Pay it forward days - we offer 2 annual pay it forward days where you can take time to volunteer for a charitable cause that is important to you.
* Wellness days - we believe you can only work your best when you feel your best, and we know working at Lorum is intense, so we offer 3 wellness days every quarter where you can take time to re-energise.