Information Security Manager

About the Role

The Information Security Manager will play a crucial role in protecting the confidentiality integrity and availability of our systems and data. Youll work across the business to support secure delivery of projects conduct thorough risk assessments oversee third-party security engagements and contribute to shaping our evolving security posture. This is a hands-on role ideal for someone who enjoys both strategic thinking and rolling up their sleeves to get things done.

Responsibilities:

Security in Projects: Advise and support project teams to embed security best practices throughout the project lifecycle.

Penetration Testing and Vulnerability Management: Scope manage and track remediation of penetration testing and vulnerability assessments. Management vulnerability reporting.

Application Security: Maintain application security processes standards and guidelines. Translate application security policies into security requirements. Must have good experience in application security. 

Risk Assessments: Conduct and document security risk assessments on changes threats vulnerabilities and new initiatives. 

Third-Party Risk: Perform third-party vendor risk assessments and ongoing security reviews. Solution Due Diligence: Assist in identifying and assessing new security technologies and vendors.

Incident Management: Lead or support the response to security incidents including investigation containment root cause analysis and reporting. Work with internal teams to continuously improve incident response processes.

Security Frameworks: Support compliance and alignment with ISO 27001 Cyber Essentials SWIFT NIST and other relevant frameworks. Must have some previous experience in regulatory compliance.

Stakeholder Communication: Communicate effectively with various stakeholders including engineers product managers operations team senior management and auditors about the information security posture risks and mitigation strategies.

Qualifications :

About You

Minimum of 8 years experience in information security roles ideally in the financial sector.

Bachelors degree or higher in Computer Science or equivalent industry experience

CISSP certification required; additional certifications (e.g. CEH OSCP AWS Security) are a plus. Preferred but not essential

Must have a strong understanding of security in the context of software development and application security (OWASP SDLC DevSecOps).

Must have in depth experience with threat analysis and incident response.

Experience working with ISO 27001 Cyber Essentials and preferably NIST CSF SOC 2 or SWIFT frameworks.

Hands-on pragmatic approach with the ability to operate in a lean fast-paced environment. Excellent communication skills with the ability to engage both technical and non-technical stakeholders. Innovative mindset with a passion for staying current in the ever-evolving cyber landscape. Experience working in or with regulated financial institutions is desirable.

Additional Information :

Why Join Us

Be part of a small agile and collaborative team where your impact is direct and visible.

Opportunity to work on cutting-edge financial services and security projects.

Competitive salary and benefits including training and development support.

Hybrid working arrangements and a culture that values innovation and initiative.

Benefits include:

• Hybrid working
• Contributory personal pension plan: - Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
• Life Assurance 4 times annual salary
• Group Income Protection
• Private Medical Insurance this may include cover for partner and or children at company cost. Cover includes Optical Dental and Audiology
• Discretionary Bonus
• Competitive Annual Leave
• 2 Volunteering Days
• Benefit Hub

Remote Work :

No

Employment Type :

Full-time