Key skills
AzureCloudCyber SecurityAILeadershipRisk ManagementCommunicationCloud Security
About this role
Role Overview
- Owning and delivering Moneybox’s information security strategy, roadmap and operating model.
- Leading the ongoing development of Moneybox’s Information Security Programme, using NIST CSF as the practical risk-management framework while aligning with ISO 27001 for governance, control maturity and assurance.
- Reducing real security risk across Moneybox’s technology estate, people processes, suppliers and products.
- Building a small, effective and high-leverage security function that uses technology, automation and AI to scale its impact.
- Providing clear, practical security leadership to senior stakeholders, including regular reporting on security posture, risks, incidents and priorities.
- Making proportionate, risk-based decisions that support business growth while protecting customers and the organisation.
- Developing, maintaining and embedding practical information security policies, standards and procedures.
- Leading security awareness and training programmes that improve behaviours and strengthen Moneybox’s security culture.
- Owning Moneybox’s security incident response framework, ensuring the business is prepared to identify, contain, respond to and recover from security incidents effectively.
- Overseeing vulnerability management, including scanning, remediation, patching and risk-based prioritisation.
- Leading third-party security risk management for key vendors, partners and technology providers.
- Defining and tracking security metrics that focus on risk reduction and meaningful outcomes, not vanity reporting.
- Partnering with Engineering and Product teams to ensure security is built into systems, services and ways of working.
- Monitoring emerging threats, regulatory expectations and industry practice, then applying them pragmatically to Moneybox’s environment.
- Continuously improving the security function without adding unnecessary complexity or bureaucracy.
Requirements
- Proven experience leading or significantly contributing to an information security function.
- Strong working knowledge of risk-based security management and the NIST Cyber Security Framework.
- Experience developing and delivering information security strategy, roadmaps, policies and controls.
- Practical knowledge of security technologies and business systems, including identity and access management, SIEM, endpoint security, cloud security, vulnerability management and remote working technologies.
- Experience using technology, automation or AI to improve security outcomes or operational efficiency.
- Experience managing security risk in cloud-based environments, ideally including Azure.
- Strong understanding of third-party security risk management.
- Experience with incident response planning, testing and improvement.
- Experience reporting security risks, controls and metrics to senior management.
- Strong communication skills, with the ability to translate technical security issues into clear business risks, recommendations and trade-offs for senior stakeholders.
- Good understanding of financial services security, risk and regulatory expectations.
- Demonstrated leadership skills with the ability to influence, collaborate and drive change across teams.
- Excellent written and spoken English.
- Relevant professional certifications such as CISSP, CISM or CRISC are desirable, but practical judgement and delivery experience matter more.
Tech Stack
- Azure
- Cloud
- Cyber Security
Benefits
- Opportunity to join a fast-growing, award-winning and super ambitious company
- Work with a friendly team of highly motivated individuals
- Be in an environment where you are listened to and can actually have an impact
- Thriving collaborative and inclusive company culture
- Competitive remuneration package
- Company pension scheme
- Company bonus scheme
- Hybrid working environment
- Home office furniture allowance
- Personal Annual Learning and Development budget
- Private Medical Insurance
- Health Cash Plan (cashback on visits to the dentist & opticians etc)
- Cycle to work scheme
- Wellhub subscription to a variety of gyms and wellbeing apps
- Enhanced parental pay & leave
- 25 days holiday + bank holidays with additional days added with length of service.