Responsibilities
- Work closely with engineering, architecture, product and delivery teams in Agile and DevOps environments to embed security by design.
- Support compliance with security and regulatory frameworks including ISO 27001, PCI DSS, OWASP and internal standards.
- Review the security posture of vendors and outsourced services, providing due diligence and third‑party risk assurance.
- Present security findings, risk opinions and design recommendations clearly to both technical and non‑technical stakeholders, including senior leadership.
Required Experience and Skills
- Extensive experience in cyber security, security consulting, risk assessment or security architecture within regulated environments, ideally financial services.
- Strong knowledge of threat modelling methodologies, secure design principles, attack vectors and mitigating controls across network, application and cloud domains.
- Practical understanding of cloud security, secure application delivery, third‑party risk management and access management practices.
- Experience applying recognised frameworks and standards such as ISO 27001, PCI DSS, OWASP, NIST and enterprise security control frameworks.
- Ability to translate complex technical risks into business language and provide clear, evidence‑based recommendations.
- Exposure to contemporary architectures such as RESTful APIs and containerised microservices.
- Strong stakeholder management, written communication and presentation skills, with confidence engaging senior managers and control functions.
Qualifications and Certifications
- Essential: Demonstrable experience in security design, cyber risk, security consulting or related cyber security disciplines.
- Desirable: Professional certifications such as CISSP, CISM, CCSP, CEH, GIAC or equivalent.
- Preferred background: Experience supporting cloud transformation, digital delivery, third‑party assurance and regulated change programmes.
Desirable Attributes
- Commercially aware and able to balance risk reduction with pragmatic business delivery.
- Capable of working independently while influencing multidisciplinary teams and senior stakeholders.
- Understanding or awareness of banking systems.
- Comfortable operating in fast‑paced, high‑pressure environments with changing priorities.
- Structured, detail‑oriented and focused on producing high‑quality, repeatable outcomes.
Benefits
Competitive compensation and benefits, including up to 20 days' vacation per year, various insurances such as term life and business travel insurance, and statutory benefits as per the law of the land.