About You.

Do you have a proven, established background in Cyber Security with a strong understanding of risk assessment and mitigation? Have you got the ability to communicate complex security issues to non-technical audiences? Does the idea of joining a business undergoing an exciting period of transformation appeal?

The Role.

We’re now looking for someone to help shape the future of cyber security at Billing Finance in a newly created high-impact position. This is your chance to influence decision-making at the highest level and build a security function from the ground up. You'll work directly with the Senior IT Operations Manager to define and drive security initiatives that protect the entire business.

You'll identify internal and external threats, then develop and execute plans to mitigate them. You'll provide both proactive and reactive security measures, monitoring systems and resolving issues before they impact the business. You'll ensure the company is prepared for any cyber incident, coordinating responses and maintaining strong business continuity and disaster recovery plans.

Working closely with the IT Operations Manager, you'll help deliver strategic projects and solve complex security challenges. You'll be instrumental in making sure all systems are appropriately access controlled, ensuring robust security governance. By maintaining a clear overview of the company’s security posture, you'll enable rapid threat identification and response.
There’s a lot to this role, but here’s a taste of what you’ll get up to:
Work with stakeholders to understand where threats exist internally and externally, then devise and execute plans to mitigate them.
Provide both proactive and reactive cyber security capability to the business through monitoring and remediations.
Ensure cyber and InfoSec incident preparedness, response coordination, and remediation, as well as regularly reviewed and tested business continuity and disaster recovery plans.
Work closely with the Senior IT Operations Manager to progress strategic project work, and ensure the swift resolution of business problems.
Administer and update all relevant applications such as EDR/XDR, MDM, SIEM etc., and manage penetration testing activities.
Take responsibility for device security, ensuring that non-authorised devices, as well as those used outside of allowed geographical locations, cannot access or authenticate to company systems/services etc.
Ensure the business is alerted to and protected from all CVEs, zero-days, vulnerabilities etc. which apply to our landscape through numerous channels.
Assist in the configuration, deployment, and management of end user devices with a security best practice mindset.
Collaborate with engineering and technology departments, ensuring governance around ‘secure by design’ principles.
Maintain all cyber and InfoSec documentation, as well as perform audits, reviews and assessments, ensuring continual improvement and reporting in line with CE/CE and ISO27001 accreditations.
Identify new technologies to support the business in achieving its strategic objectives.
Liaise with third-party suppliers to improve security position and establish best practices.
Provide input to the continuous review of our processes and procedures, ways of working and tooling to enhance the department’s capability and offering into the wider business.
Drive employee training and awareness initiatives.
Support the identification of key IT risks and appropriate mitigations to keep them within appetite.
Adhere to the Company’s GDPR and security policies.

Your Background and Experience

We're looking for someone with:
Proven track record in trialling, procuring, and implementing security tools
Experience in conducting assessments of a company’s cyber posture and subsequently making recommendations for initial and continual improvement
Skill in clearly communicating to non-technical audiences (including at a senior level) any findings and remedial works around cyber and information security incidents
Ability to provide cyber awareness and training to employees at all levels

Why Join Us?

We’re a values-driven business where your voice matters. You’ll join a team that believes in collaboration, continuous improvement, and doing the right thing – for our customers, and each other.

About Billing Finance.

We are a privately run, family-owned vehicle financing Company based on the outskirts of Northampton. We focus on customers with non-standard credit profiles that may not fit the automated underwriting processes of other lenders. Our mission is to help get all our people, including customers and staff, “where they need to be” by “putting them at the heart of everything we do”.

We help people with non-standard credit profiles access vehicle finance, and as a small, ambitious company, you’ll see the direct impact of your work across the full customer journey. We offer meaningful benefits, flexibility, and a team that values getting things done.
Our values are:
We are responsible – We are conscious of our impact on people and planet
We care about you – We are kind and compassionate with our customers and with each other
We work with you – We support financial wellbeing for our customers and the wider community

The successful candidate will not only have a successful and fulfilling career with us but will also receive a fantastic range of benefits:
Discretionary bonus scheme
Electric Vehicle salary sacrifice scheme
Pension salary sacrifice scheme
Private Medical Income Protection
Hybrid working
Employee Assistance Programme
Annual £200 personal growth fund
Paid volunteering days

We currently have approximately 100 staff members, so if you want to join a Company that wants to make a difference then apply today!

The Recruitment Process and How We Will Use Your Data.

The recruitment process will involve obtaining information and/or exchanging it with the following organisations to assist with our pre-employment checks prior to interview.
Credit Reference Agencies – to complete a soft credit check to understand your financial history
CIFAS – to check both National and Internal databases for fraudulent activity.

The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found here: https://www.cifas.org.uk/fpn.