We’re partnering with a growing technology company in the financial services sector that is building modern, cloud-native platforms used by enterprise clients. As the company continues to scale, they are looking for an Information Security Manager to take ownership of their security and compliance function and help shape the next phase of their security maturity.
This is a high-impact role with real ownership. You won’t just be maintaining a program - you’ll be improving it, shaping it, and acting as the go-to person for security across the business. The role combines leadership, hands-on technical work, and regular interaction with clients and auditors, so it suits someone who enjoys operating across both technical and business environments.
What You’ll Be Doing
- Owning and running the company’s SOC 2 program and broader security compliance initiatives
- Developing and improving security policies, controls, and governance frameworks (SOC 2, ISO 27001, NIST)
- Managing and responding to security alerts, vulnerabilities, and incidents
- Overseeing cloud and infrastructure security across AWS and Kubernetes environments
- Leading identity and access management, including access reviews and privileged access controls
- Coordinating penetration testing, risk assessments, and remediation programs
- Managing business continuity and disaster recovery planning and testing
- Acting as the main point of contact for client security questionnaires, audits, and security discussions
- Conducting vendor security reviews and managing third-party risk
- Reporting on security posture, risk, and ongoing improvements to leadership
- Supporting security for AI/ML systems and data pipelines, including model security, data protection, and access controls
- Around 6 years of experience in Information Security with strong hands-on technical experience
- Experience running SOC 2 in a real production environment
- Strong cloud security experience, particularly in AWS (GCP is a plus)
- Experience working with Kubernetes and modern cloud infrastructure
- Experience with EDR/XDR tools such as CrowdStrike (or similar)
- Familiarity with SOC 2, ISO 27001, and NIST frameworks
- Experience securing data, APIs, and AI/ML systems is a strong plus
- Experience working in regulated environments such as financial services, fintech, or SaaS
- Ability to communicate with both technical teams and non-technical stakeholders, including clients and auditors
- Certifications such as CISSP, CISM, or Security+ are helpful but not essential
- Fully remote role with a high level of ownership and autonomy
- You’ll own security rather than inherit a rigid program
- You’ll work in a modern cloud-native environment, not legacy infrastructure
- You’ll have direct exposure to clients and leadership
- You’ll be in a role where security is taken seriously and has real visibility
- You’ll be able to make measurable improvements and see the impact of your work
