Cyber Security Lead

.About Salary Finance

Working with employers, we provide a financial wellbeing platform as an employee benefit, helping employees to understand their money better, get out of debt faster and save for their future. We already have a reach of over 4,000,000 employees through our relationships with over 600 of the biggest companies in the UK. 

By improving employee financial wellbeing, we have a very real and meaningful impact on people’s lives. We remove the stress and worry associated with financial difficulties by dramatically reducing the interest rates employees pay on their personal debt, and provide them with the tools needed to start saving sooner and be more financially secure. We are backed by some of the biggest brands, including investments from Blenheim Chalcot (the UK’s leading venture builder), Legal and General (the FTSE 100 insurer and asset manager), Experian and Goldman Sachs, and funding partnerships with JP Morgan and Virgin Money. 

Launched in 2015, we have made excellent progress, and are scaling fast. We are named BITC’s Responsible Business of Year 2018, included in KPMG’s Global Fintech 100, listed top of the Forbes' list of socially-responsible startups, and profiled by the Financial Times, the Times, the Wall Street Journal, the Guardian, the Telegraph, CityAM and the Institute of Directors. 

Your role in our mission

We’re looking for an established, proactive, and hard-working Cybersecurity Lead.  Reporting to the Head of Information Security & DPO you’ll be part of the Information Security Team working across all areas of the business in this very important role.  You will have responsibility for the successful selection, implementation, management, and monitoring of numerous systems and processes, as well as Security Incident management & response. The role will suit someone who enjoys being in technical detail but also has excellent written and verbal communication skills in order to persuade and lead initiatives effectively.  You will have worked as an internal cybersecurity person or a cybersecurity consultant for at least the last three years.

What you’ll do

• Take ownership of existing cybersecurity systems and assess, configure, improve and manage them in line with the changing environment and requirements. Including procedure creation and training handovers (where necessary).
• Configure for continuous improvement of the data leakage prevention, vulnerability management, anti-malware, patching, context-aware, and single sign-on initiatives aligning to ISMS policy.
• Lead Cybersecurity projects - define, roadmap, implement and regularly report the status, blockers, successes and failures along the timeline of the projects.
• Research and author a set of security reference architecture documents for the secure development of new products and services.  Communicate to and work with the Product Engineering and DevOps Teams to uphold the reference requirements.
• Perform vulnerability, endpoint, and configuration management scans - assess, communicate and manage the results through to remediation. Maintaining the usability and effectiveness of these systems at all times.
• Build adequate reporting across all systems pulling together key metrics to be reported to the Head of Information Security & Data Protection as well as the wider business.
• Develop Information Security procedures and Use Case run books
• Be familiar with the MITRE ATT&CK Framework
• Review and lead on security incident response management and procedures, including evaluating and reporting on the business impact of security threat trends.
• Actively monitor multiple systems, services, and incident reports to separate the signals from the noise.  Continue the rollout of a 24/7 SOC with third-party and off-shore assistance.
• Perform threat modelling and document the risks and mitigations, systems, and controls.
• Work with the Information Security Officer to document key security non-conformities leading to improved security configuration controls, resilience, and maintenance procedures.
• Assist in the management and update of information security policy (ISMS) where it relates to new standards, best practices, compliance and regulatory requirements in cybersecurity.
• Play an active role in risk management, working with the risk and compliance articulate and assist in documenting cybersecurity risks on the enterprise risk register.
• Use your technical expertise and experience to input into the Salary Finance Information Security Strategy.

About you

• You have experience working as part of an information security team in a commercial environment and are educated to degree level (computer science-related field). 
• You have an in-depth technical knowledge of various systems and services across IT and security and are able to pick up and run with new systems very easily.
• You are a logical thinker with a proactive approach to work, you are a tech person at heart with an appreciation of all areas of information security, not only cybersecurity.
• You have practical hands-on experience working with AWS but also with DevOps and IT Teams in implementing security systems, controls, and monitoring and managing security alerts.
• You have experience configuring and managing Qradar, SentinelOne, Google Workspace Admin, Wiz, Netskope, ESET Cloud, ManageEngine Desktop Central, JumpCloud SSO.
• You have practical experience in administering, monitoring, and reporting on system and networking controls; firewalls, IPS, endpoint protection, IAM, RBAC, DLP, CASB, web filtering, MFA, WAF, SACLs, SIEM, log stores, cloud storage, remote access/VPN etc.
• You have experience in configuring, managing and reporting against multiple disparate systems and have also brought them together under one SIEM as part of an information security strategy.

Awesome if

• You have previous experience with the NIST Cybersecurity Framework
• You have experience using Google Workspace (formally G Suite), JIRA, Confluence and Lucidchart.
• You have experience of working with external auditors to demonstrate effectiveness of IT controls.
• You have implemented and managed the CIS Benchmarks for CIS Amazon Web Services
• You hold one (or more) security qualifications and memberships (e.g. CISSP, CISA, AWS Security Specialist, Security+, etc.)
• Experience with ISO 27001/2, within a certified environment or as an auditor.
• Have previous experience in providing assistance in CI/CD security tooling - code scanning, build vuln. scanning, code coverage, deployment orchestration, automation, and automated security configuration management.
• You have a masters degree (MSc) in a Cyber or Information Security related domain.

Who you are

We embrace our differences, but there’s one thing we like to share, which is our values, so it’s important to us that you are:

• Fearless, and able to make the impossible possible.
• Responsible, and want to help build a business that delivers a meaningful difference to society.
• Dedicated and want to commit to an exciting journey even through the highs and lows.
• Empathetic and truly care about every colleague and customer.
• United, because you understand we achieve more when we work as a team.
• Humble, and take feedback as a way to continuously improve.

What do you get for all your hard work?

• Company bonus scheme 💰
• 25 days holiday with an extra day off on your birthday 🎂
• Office first with up to a day a week working from home 🏢
• Generous company benefits to include pension and life assurance and an annual allowance to spend on medical insurance, health cash plan, denplan, gym memberships 🤸
• Enhanced policies that are family and pet friendly, to include company sick pay and peternity leave 🐶
• Great career development in a fast paced environment 🚀
• Regular company socials (post covid, although we've got quite good at virtual ones too!)
• Volunteer days as part of our CSR program 🤝
• More great perks to include weekly snacks, tuckshop, cycle to work, help to save and much more! 🍭

The typical interview process

• Phone call with our Talent Manager - 20 mins
• Video interview with Hiring Manager - 30 mins 
• Case Study to give you a taster of the role - 35 mins 
• In person interview with Hiring Manager, Head of Department, Stakeholder, and / or Team -  60 mins 

We’re looking for people that will get stuck in and make a difference. We have a great collaborative, entrepreneurial team and are passionate about what we do. If you want to join a team that is changing people’s lives for the better then we’d love to hear from you.

Learn more at salaryfinance.com

Salary Finance is proud to be an equal opportunities employer. We celebrate diversity and are committed to creating an inclusive work environment where all employees and applicants can flourish.

If there’s anything we can do to accommodate your specific situation, please let us know.