Information & Cyber Security Lead, Autumn - SC Ventures
Autumn is a digital wealth, health and lifestyle solution. As an independent and bank-agnostic platform, Autumn offers customers the best-in-class products in the marketplace. Our vision is to make a meaningful retirement accessible to more people. We harness the power of technology to integrate wellness with wealth management, making it easier for everyone to achieve their life goals.

The Role Responsibilities
- Direct the design of the 1st line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness
- Partner with the SC Ventures CISO and Information and Cyber Security Specialists to implement 1st line controls in managing information & cyber security risk
- As a specialist in the governance of Information and Cyber Security Risk Management, build and maintain a strong risk control framework within a fast-paced fintech environment, but with bank-level governance
- Design, implement, and monitor healthy 1st line controls for technology whilst upholding the integrity of technology and operational risk within risk appetite
- Act as the focal point for managing information and cyber security risk in the venture, including the design of effective controls and the systematic monitoring of risks

Our Ideal Candidate
- 6+ years of solid experience in information security and risk management
- Experience implementing compliance frameworks and controls such as ISO 27001 and CIS Benchmarks
- Working experience in managing M365 security, viz. analysing malicious email attachments, spam emails and phishing emails, managing DLP, Azure AD and MS Intune, and setting up MAM and MDM policies
- Skilled in implementing Zscaler Proxy, CASB, Device Trust, VDI infrastructure and containers
- Should have experience in managing Windows and Mac workstations along with Linux servers.
- Should have experience in handling vulnerability detection tools such as Qualys and Snyk.
- Good to have experience in DevSecOps, GitHub, AWS Security, Microservices Implementation, AWS SES, AWS Fargate.
- Experience in governance, risk management, or operational risk
- Experience in the three lines of defence risk model
- Ability to understand and overcome the differences in the risk management of an agile fintech compared to a traditional bank
- A respectful and balanced attitude towards both risk management and business development
- Excellent communication and organisational skills
- Certifications in the following areas are desirable, though not mandatory: Certified Information Systems Auditor (CISA); Certified Information Systems Security Professional (CISSP); or other equivalent qualification