At a Glance
- Tasks: Lead a team in driving Asta's information security programme and manage security incidents.
- Company: Join Asta, a leader in innovative security solutions with a supportive culture.
- Benefits: Enjoy flexible working, generous holidays, private medical insurance, and a competitive pension.
- Other info: Opportunity for career growth and to work with top-tier clients in the industry.
- Why this job: Make a real impact in cybersecurity while developing your skills in a dynamic environment.
- Qualifications: 7+ years in cybersecurity with leadership experience and strong communication skills.
The predicted salary is between 60000 - 80000 £ per year.
The Information Security Tech Lead is responsible for owning and driving the end-to-end information security programme across Asta and its client base. This role is technical and leads a team of Engineers, providing authoritative security direction across PAM, EDR, SIEM, DLP, identity governance, vulnerability management and regulatory compliance.
Key Responsibilities
- Security Leadership & Team Management
- Lead a team of engineers, setting direction, managing workloads, and developing capability.
- Act as the primary security escalation point across the Infrastructure function.
- Own the InfoSec roadmap aligned to Asta’s IT transformation programme.
- Infrastructure Security Engineering & Hardening
- Implement and maintain security controls across infrastructure and systems.
- Harden infrastructure by applying best practices for IAM, PIM, PAM encryption and network security.
- Review and implement security tooling recommendations including AD hardening tools like Ping Castle and Semperis Lightening, as well as vendor solutions and systems.
- Collaborate on implementing security controls into pipelines, including security scans, policy enforcement and dependency checking.
- Security Monitoring & Incident Response
- Monitor security alerts and events from SIEM, EDR, firewall, IDS/IPS and other security tools.
- Triage and prioritise alerts based on severity and impact.
- Investigate security incidents and suspicious activities using log analysis, packet captures and forensic techniques.
- Lead containment, eradication and recovery during incidents.
- Maintain alerting for security events and integrate with SIEM/SOAR platforms.
- Security Strategy & Programme Delivery
- Define, own and drive delivery of Asta’s end‑to‑end security programme spanning PAM, EDR, NDR, SIEM, penetration testing, DLP and compliance.
- Translate regulatory obligations (FCA/PRA, Lloyd’s Principle 12, CBEST, ISO 27001, Cyber Essentials) into actionable technical controls and measurable outcomes.
- Client Security Services
- Provide security advisory and managed security services to 20+ syndicate and MGA clients including Carbon Underwriting, Dale Underwriting Partners and Beat Capital.
- Conduct client security reviews, Secure Score assessments, Semperis/Entra evaluations and PAM deployment planning.
- Act as the security escalation point for client‑facing incidents and assurance requests.
- Threat Intelligence & Detection
- Stay current with emerging threats, vulnerabilities, attack techniques and security trends.
- Apply threat intelligence to improve detection capabilities, identify indicators of compromise and contribute to threat hunting activities and proactive monitoring.
- Compliance & Documentation
- Support compliance and audits for ISO 27001, NIST, SOC2, Lloyd’s Principle 12 and other standards.
- Prepare incident reports, timelines, reviews and maintain event logs.
- Contribute to security documentation, runbooks and standards.
- Produce metrics and quarterly reports on security posture and incidents for senior management.
- Coordinate Cyber Essentials certification and audits.
- Handle security requests and data sharing from third parties.
- Operational Resilience & Disaster Recovery
- Support operational resilience and business continuity planning activities including scenario testing and disaster recovery exercises.
- Participate in post‑incident reviews and implement lessons learned.
- Phishing Campaign Management
- Design, implement and manage simulated phishing campaigns to test and improve staff awareness of social engineering threats.
- Analyse results, identify training needs and track metrics on phishing resilience and user security awareness.
Skills, Knowledge & Expertise
- 7+ years of hands‑on experience, including at least 3–4 years in a lead, management or principal role in cybersecurity, combining security engineering, SOC operations or incident response within a regulated industry.
- Demonstrable experience leading and developing a security team.
- Confident communicator able to translate complex security risk into business language for C‑suite and board audiences.
- Strong understanding of cybersecurity principles, attack vectors, defense strategies, OWASP Top 10 and the Mitre Attack framework.
- Experience with cloud security (Azure/AWS), IAM, secrets management, encryption and certificate management.
- Experience with the Microsoft 365 security suite including Microsoft Defender, Azure AD Identity Protection, threat analytics and security compliance tools.
- Hands‑on experience with SIEM platforms such as Splunk, Crowdstrike Falcon, LogRhythm, Sentinel and Microsoft Defender.
- Experience working with tools such as Varonis, Tenable, Pentera and external and internal SOC processes.
Job Benefits
- At Asta, you’ll enjoy a market‑leading benefits package that puts your wellbeing, career development and financial future first.
- We combine flexible working, strong family‑friendly policies and exceptional rewards to create a supportive, inclusive and high‑performing workplace.
- Work‑life balance you can rely on: 35‑hour working week with hybrid and flexible working.
- Generous holiday allowance that increases with service.
- Your health & wellbeing covered: Private medical insurance with virtual GP access, annual health screening, dental cover and eye care, subsidised gym or sports club membership.
- Support for you and your family: Enhanced maternity, paternity, adoption and shared parental pay.
- Rewarding your contribution: Highly competitive pension with up to 13% employer contribution, life assurance and income protection, discretionary annual bonus scheme, interest‑free season ticket loan and salary sacrifice schemes.
Information Security Technical Lead employer: Asta Capital Limited
Asta is an exceptional employer, offering a dynamic work environment in London where innovation and security are at the forefront of our mission. With a strong focus on employee wellbeing, we provide a market-leading benefits package, including flexible working arrangements, comprehensive health coverage, and generous holiday allowances that promote a healthy work-life balance. Our commitment to professional growth ensures that team members have ample opportunities for development and advancement within a supportive and inclusive culture.