Job Description
About the Role
The Information Security Manager will play a crucial role in protecting the confidentiality, integrity, and availability of our systems and data. You’ll work across the business to support secure delivery of projects, conduct thorough risk assessments, oversee third-party security engagements, and contribute to shaping our evolving security posture.
This is a technically hands-on role ideal for someone who enjoys both strategic thinking and rolling up their sleeves to get things done.
Key Responsibilities
· Security in Projects: Advise and support project teams to embed security best practices throughout the project lifecycle.
· Penetration Testing: Scope, manage, and track remediation of penetration testing and vulnerability assessments.
· Application Security: Maintain application security processes, standards and guidelines. Translate application security policies into security requirements and work closely with engineers.
· Risk Assessments: Conduct and document security risk assessments on changes, threats, vulnerabilities, and new initiatives.
· Third-Party Risk: Perform third-party vendor risk assessments and ongoing security reviews.
· Solution Due Diligence: Assist in identifying and assessing new security technologies and vendors.
· Incident Management: Lead or support the response to security incidents, including investigation, containment, root cause analysis, and reporting. Work with internal teams to continuously improve incident response processes.
· Security Frameworks: Support compliance and alignment with ISO 27001, Cyber Essentials, SWIFT, NIST CSF and other relevant frameworks.
· Stakeholder Communication: Communicate effectively with various stakeholders including engineers, product managers, operations team, senior management, and auditors about the information security posture, risks, and mitigation strategies.
Qualifications
About You
· Extensive experience in information security roles, ideally in a regulated environment.
· Bachelor's degree or higher in Computer Science
· CISSP certification is essential; additional certifications (e.g. CEH, OSCP, AWS Security) are a plus.
· Experience working with ISO 27001, Cyber Essentials, NIST CSF and preferably SOC 2, or SWIFT frameworks.
· Strong understanding of security in the context of software development and application security (OWASP, SDLC, DevSecOps).
· Technically hands-on ( AWS, DevSecOps pipelines, configuration of security vendor solutions, basic scriptic language for automation), and experience using tools like Tenable, Mimecast, Akami, Sophos and MDR tools.
· Excellent communication skills, with the ability to engage both technical and non-technical stakeholders.
· Innovative mindset with a passion for staying current in the ever-evolving cyber landscape.
· Experience working in or with regulated financial institutions is desirable.
Additional Information
Why Join Us?
· Be part of a small, agile, and collaborative team where your impact is direct and visible.
· Opportunity to work on cutting-edge financial services and security projects.
· Competitive salary and benefits, including training and development support.
· Hybrid working arrangements and a culture that values innovation and initiative.
Benefits include:
* Hybrid working
* Contributory personal pension plan: - Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
* Life Assurance – 4 times annual salary
* Group Income Protection
* Private Medical Insurance – this may include cover for partner and or children at company cost. Cover includes Optical, Dental and Audiology
* Discretionary Bonus
* Competitive Annual Leave
* 2 Volunteering Days
* Benefit Hub