Information Security Manager

Job Description

About the Role

The Information Security Manager will play a crucial role in protecting the confidentiality, integrity, and availability of our systems and data. You’ll work across the business to support secure delivery of projects, conduct thorough risk assessments, oversee third-party security engagements, and contribute to shaping our evolving security posture. This is a hands-on role ideal for someone who enjoys both strategic thinking and rolling up their sleeves to get things done.

Responsibilities:

Security in Projects: Advise and support project teams to embed security best practices throughout the project lifecycle.

Penetration Testing and Vulnerability Management: Scope, manage, and track remediation of penetration testing and vulnerability assessments. Management vulnerability reporting.

Application Security: Maintain application security processes, standards and guidelines. Translate application security policies into security requirements. Must have good experience in application security.

Risk Assessments: Conduct and document security risk assessments on changes, threats, vulnerabilities, and new initiatives.

Third-Party Risk: Perform third-party vendor risk assessments and ongoing security reviews. · Solution Due Diligence: Assist in identifying and assessing new security technologies and vendors.

Incident Management: Lead or support the response to security incidents, including investigation, containment, root cause analysis, and reporting. Work with internal teams to continuously improve incident response processes.

Security Frameworks: Support compliance and alignment with ISO 27001, Cyber Essentials, SWIFT, NIST and other relevant frameworks. Must have some previous experience in regulatory compliance.

Stakeholder Communication: Communicate effectively with various stakeholders including engineers, product managers, operations team, senior management, and auditors about the information security posture, risks, and mitigation strategies.

Qualifications

About You

· Minimum of 8 years’ experience in information security roles, ideally in the financial sector.

· Bachelor\’s degree or higher in Computer Science or equivalent industry experience

· CISSP certification required; additional certifications (e.g. CEH, OSCP, AWS Security) are a plus. Preferred but not essential

· Must have a strong understanding of security in the context of software development and application security (OWASP, SDLC, DevSecOps).

· Must have in depth experience with threat analysis and incident response.

· Experience working with ISO 27001, Cyber Essentials, and preferably NIST CSF, SOC 2, or SWIFT frameworks.

· Hands-on, pragmatic approach with the ability to operate in a lean, fast-paced environment. · Excellent communication skills, with the ability to engage both technical and non-technical stakeholders. · Innovative mindset with a passion for staying current in the ever-evolving cyber landscape. · Experience working in or with regulated financial institutions is desirable.

Additional Information

Why Join Us?

· Be part of a small, agile, and collaborative team where your impact is direct and visible.

· Opportunity to work on cutting-edge financial services and security projects.

· Competitive salary and benefits, including training and development support.

· Hybrid working arrangements and a culture that values innovation and initiative.

Benefits include:

• Hybrid working
• Contributory personal pension plan: – Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
• Life Assurance – 4 times annual salary
• Group Income Protection
• Private Medical Insurance – this may include cover for partner and or children at company cost. Cover includes Optical, Dental and Audiology
• Discretionary Bonus
• Competitive Annual Leave
• 2 Volunteering Days
• Benefit Hub