Cyber Security Manager - Fintech

We’re looking for a passionate and experienced Cyber Security Manager with a proven track record of delivering software solutions to join our Fintech division within N Brown. As a member of the Fintech team, you’ll be at the heart of a unique and exciting venture to assemble a new financial services platform.

liDriven by boundless curiosity and experimentally minded, always starting with ‘why?’.
• Tenacious and persistent, willing to go above and beyond to deliver great outcomes.
• Focused and decisive, able to ruthlessly prioritise to stay on track.
• Energised by collaboration and a champion of radical candour.
• Work hard whilst maintain our sense of humour, and don't take ourselves too seriously.

We are looking for an experienced cyber security specialist, with a track record of facilitating change to help assure our future success. The Cyber Security Manager will oversee risk assessment and communication related to software and infrastructure vulnerabilities. They will collaborate with teams to identify vulnerabilities, prioritise risks, and improve the vulnerability management process, including continuous scanning and patch management.

• Manage Castle Fintech’s ongoing cyber commitments to the business and help deliver operational security control measures, risk & governance frameworks and Info Sec principles and standards.
• Help identify emerging security threats, risks and vulnerabilities to ensure appropriate countermeasures and risk mitigations are identified, prioritised and implemented through our cyber detection technologies and governance frameworks.
• Provide Cyber Security subject matter expertise across Castle internal stakeholders to ensure the confidentiality, integrity and availability of systems, data and information assets, while working closely with our information security partners to maintain an ahead of the curve approach to industry technologies and threats.
• Identify and remove impediments faced by the team by working collaboratively with stakeholders to proactively manage any risks, issues or delays.
• To deliver the Info Sec technology roadmap into the business, ensuring our regulatory obligations are met in line with industry best practice.
• To help shape and inform ongoing cyber security strategy in an ever-changing digital landscape.
• To manage and oversee an appropriate programme of vulnerability and patch management to maintain an informed understanding of our technical control measures.
• Define and review key security performance indicators that ensure service delivery and service improvements.
• Develop and create reports for management updates and escalations using key program performance metrics.
• Work closely with outsourced SOC.
• Ensure information and security data is continuously collected, correlated and analysed to detect external and internal threats and vulnerabilities to our services.

• Good working knowledge of AWS security services and implementations, e.g. Security Hub, Control Tower, Organizations, SCPs, IAM entities and policies, Account lockdown and AI/ML tools like Macie and Guard Duty.
• You will also understand and maintain security compliance requirements e.g. DPA, GDPR, PCI DSS, SOC1, SOC2 and ISO
  27001.
• To have a personal and corporate awareness of current Information Security Issues, e.g. emerging vulnerabilities and zero-day exploits, and to identify appropriate risk mitigation counter-measures.
• Understanding of risk assessment methodologies and the ability to identify, assess, and prioritize security risks to the organization.
• Managing third party suppliers including SOC providers.
• The ability to work with teams and stakeholders across Castle to promote and facilitate security best practise.
• Excellent communication skills to effectively convey complex technical information to non-technical stakeholders, executives, and employees. This includes writing reports, creating policies, and conducting security training.
• Ability to analyse complex problems, troubleshoot security incidents, and develop effective solutions to mitigate security risks.