At a Glance
- Tasks: Lead information security governance and risk management in a dynamic FinTech environment.
- Company: Join Wealth Dynamix, an award-winning FinTech firm transforming client management.
- Benefits: Enjoy career progression, learning opportunities, and a hybrid work model.
- Other info: Be part of a diverse culture with global clients and exciting projects.
- Why this job: Make a real impact in the fast-paced world of FinTech and digital transformation.
- Qualifications: Experience in ISO 27001 and strong understanding of information security risk management.
The predicted salary is between 60000 - 80000 £ per year.
- Information Security Manager
- Fintech - Hybrid
Calling highly motivated, bright candidates who are looking for a career at an exciting award winning Fin Tech firm!
- Company: Wealth Dynamix
- Role: Information Security
- Manager
Would you like to join one of the fastest growing Fin Tech firms in Europe?
We are looking for an analytical self starter with experience in product focussed software delivery.
If you are passionate about digital transformation and keen to learn about delivering the market leading Client Lifecycle Managing solution to the Wealth Management industry,? apply now!
Who are we?
- Wealth Dynamix helps to relieve the burden client management issues for wealth management and private banking firms with innovative technology.
- We provide Relationship Managers with a multi-award winning digital Client Lifecycle Management (CLM) platform, offering 360-degree access to their client.
- We are a global leader in end-to-end CLM, Wealth Dynamix has offices and clients in three continents with headquarters in the UK.
What is the role?
- The role is accountable for defining, operating and evidencing the information security governance framework.
Technology and Engineering teams remain responsible for implementing and operating technical controls, subject to oversight, assurance and challenge from the Information Security function.
- Purpose of Role
- The Information Security Manager owns the company’s information security governance, risk and compliance programme, including the ISMS, client security assurance, security policy framework, incident governance, supplier security assurance, and security reporting.
The role works closely with Technology, Product, Operations, Legal and senior leadership to ensure the company’s products, services and operations meet internal, regulatory, contractual and client security expectations.
- The role provides security input into privacy compliance activities and works with the DPO on UK GDPR and EU GDPR obligations, DPIAs, data protection by design and incident response.
The role is not the statutory DPO unless separately appointed.
- The role reports to the COO and ultimately to the WDX Board.
Responsibilities
- ISMS & IS Programme
- Maintain and continuously improve the Information Security Management System, firmwide information security programme, security policies, certifications and control framework, aligned to ISO 27001, SOC 2, DORA-related customer obligations, applicable financial services expectations and Crédit Agricole Group requirements.
- Partner with Product, Engineering and Technology teams to embed security into the software development lifecycle, including secure design reviews, threat modelling, secure coding standards, dependency scanning, SAST/DAST tooling, secrets management, application/API penetration testing, vulnerability remediation tracking and release security governance.
- Support DORA-related client and contractual obligations for EU financial services customers, including ICT risk management evidence, incident response and notification processes, resilience testing, ICT third-party risk controls, subcontractor oversight, exit planning and audit evidence.
- Provide security governance over cloud and Saa S environments, including identity and access management, logging and monitoring, encryption, key management, backup, tenant segregation, environment segregation, secure configuration and cloud security posture management.
- Own and test the security incident response framework, including severity classification, escalation, communications, evidence preservation, lessons learned and remediation tracking.
- Support Legal and Sales teams in reviewing client and supplier contract clauses relating to information security, privacy, audit rights, incident notification, resilience, subcontracting and data protection.
- Audit & Budgets
- Coordinate internal, external, client and certification audits, including audit planning, evidence collection, stakeholder coordination, finding remediation and management reporting.
- Manage the information security budget, including security tooling, external assurance, certifications, training and specialist advisory support, in line with agreed financial controls.
- Operate a risk-based third-party security assurance framework covering supplier onboarding, periodic reassessment, critical supplier classification, contractual security controls, subcontractor/sub-processor oversight, supplier incident monitoring and exit arrangements.
- Own the client security assurance process, including security questionnaires, RFP/RFI responses, client audits, evidence packs, ISO 27001/SOC 2 artefacts, penetration test summaries, contractual security schedules and remediation tracking.
- Security Awareness & Planning
- Plan and maintain the annual security roadmap for the company.
- Determine whether emerging technology or market trends pose a security risk to the company.
- Provide quarterly security updates to the Board, including risk posture, material vulnerabilities, incident trends, control maturity and alignment to risk appetite.
- Provide monthly updates to the Executive Committee on security roadmap delivery, key risks, incidents, audit actions, supplier risks and control performance.
- Provide security awareness training to employees to help them identify potential threats and understand how to protect themselves from harm.
- Support the Board and Executive Committee in understanding cyber risk, regulatory expectations, risk appetite, material control gaps and their governance responsibilities.
- Others
- Undertake any such duties required to continuously improve the Company Information Security Management System and set high standards and levels of compliance related to Information Security.
- Develop and report security KPIs/KRIs, including vulnerability remediation, patch compliance, access review completion, audit action closure, supplier assurance status, incident trends, phishing performance, training completion and control exceptions.
- Partner with Technology and Operations to maintain and evidence business continuity, disaster recovery and digital operational resilience controls, including dependency mapping, backup/restore testing, RTO/RPO validation, and remediation tracking.
Why should you apply?
- This is a fantastic opportunity to work in a growing Fin Tech environment with excellent career progression available.
- With a global client base the role offers an opportunity to experience a wide variety of digital transformation projects – each with their own unique requirements and opportunities.
- We take career progression seriously, with investment into the WDX Academy for new and existing employee learning and development.
- You will learn a lot with exposure to multiple complex client needs.
Who is best suited to this role?
Essential
- Demonstrable experience owning or materially operating an ISO 27001-aligned or certified ISMS
- Experience supporting SOC 2, client security assurance, external audits or certification evidence processes.
- Strong understanding of information security risk management, control assessment, risk treatment and governance reporting.
- Experience coordinating security incident response governance, including escalation, communications and remediation tracking.
- Experience operating or improving supplier security assurance and third-party risk processes.
- Ability to report security risks, control performance and remediation priorities to senior stakeholders, including Ex Co or Board-level audiences.
- Experience in a Saa S, fintech, financial services, regulated technology or B2B enterprise software environment.
Desirable
- Exposure to DORA, FCA operational resilience, outsourcing/third-party risk or financial services client assurance requirements.
- Experience with Microsoft Dynamics, Azure security, Saa S platforms or Microsoft cloud security controls.
- Working knowledge of UK GDPR/EU GDPR and privacy-by-design principles.
- Familiarity with secure SDLC, application security testing, Dev Sec Ops or product security governance.
Qualifications
- Relevant professional certification such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor or equivalent experience.
- Degree in cybersecurity, computer science, risk management or a related discipline, or equivalent practical experience.
We believe we offer career defining opportunities and are on a journey that will build awesome memories in a diverse and inclusive culture.
If you are looking for more than just a job, get in touch.
Information Security Manager - Fintech - Hybrid in London employer: Wealth Dynamix
Wealth Dynamix is an exceptional employer located in the heart of London, offering a dynamic work culture that fosters innovation and collaboration. Employees benefit from a strong focus on professional development, with ample opportunities for career progression in the fast-paced FinTech sector. The company values work-life balance and provides a supportive environment where team members can thrive and contribute to meaningful projects.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Manager - Fintech - Hybrid in London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Wealth Dynamix, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Wealth Dynamix
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Wealth Dynamix. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Information Security Manager - Fintech - Hybrid in London
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Wealth Dynamix insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Wealth Dynamix that you’re committed to staying ahead in the game.
How to prepare for a job interview at Wealth Dynamix
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Wealth Dynamix to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Wealth Dynamix.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.