About Salary Finance
Salary Finance is a leading global FinTech platform. We support a community of 4M employees across 575 clients (including 20% of the FTSE 100) in the UK and US, and provide a suite of financial employee benefits to help employees improve their financial health and happiness. Our platform provides salary-linked savings, loans, pay advances, insurance and financial education. We have a team of 200 brilliant and passionate colleagues in 3 countries and have the backing of great investors (Blenheim Chalcot, Legal & General, Experian, Goldman Sachs, Royal London, Virgin Money) with £100M in equity and £500M in debt funding raised to date. We have won over 70 awards for our work, including MoneyAge's Consumer Champion of the Year, Prince Charles' BITC Responsible Business of the Year, and the Global Impact Award from Sadiq Khan for our US growth.
We were co-founded by entrepreneurs Asesh Sarkar (CEO), Daniel Shakhani, and former Head of Google UK and Ireland Dan Cobley (Chairman) and are authorised by the FCA.
Your role in our mission
We’re looking for an established, proactive, and hard-working Cybersecurity Specialist. Reporting to the Head of Information Security you’ll be part of the Information Security & Data Protection Team working across all areas of the business in this very important role. You will have responsibility for the successful selection, implementation, management, and monitoring of numerous systems and processes. The role will suit someone who enjoys being in technical detail but also has excellent written and verbal communication skills in order to persuade and lead initiatives effectively. You will have worked as an internal cybersecurity person or a cybersecurity consultant for at least the last three years.
Who you are
We embrace our differences, but there’s one thing we like to share: our values. So it’s important to us that you are:
- fearless, and able to make the impossible possible.
- responsible, and want to help build a business that delivers a meaningful difference to society.
- dedicated and want to commit to an exciting journey even through the highs and lows.
- empathetic and truly care about every colleague and customer.
- united, because you understand we achieve more when we work as a team.
- humble, and take feedback as a way to continuously improve.
- You have experience working as part of an information security team in a commercial environment and are educated to degree level (computer science-related field).
- You have an in-depth technical knowledge of various systems and services across IT and security and are able to pick up and run with new systems very easily.
- You are a logical thinker with a proactive approach to work; you are a tech person at heart with an appreciation of all areas of information security, not only cybersecurity.
- You have practical hands-on experience working with AWS but also with DevOps and IT Teams in implementing security systems, controls, and monitoring and managing security alerts.
- You have practical experience in administering, monitoring, and reporting on system and networking controls: firewalls, IPS, endpoint protection, IAM, DLP, CASB, web filtering, MFA, WAF, SACLs, SIEM, log stores, cloud storage, remote access/VPN, etc.
- You have experience in configuring, managing and reporting against multiple disparate systems and have also brought them together under one SIEM as part of an information security strategy.
What you’ll do
- Take ownership of existing cybersecurity systems and assess, configure, improve and manage them in line with the changing environment and requirements, including procedure creation and training handovers (where necessary).
- Configure for continuous improvement of the data leakage prevention, vulnerability management, anti-malware, patching, context-aware, and single sign-on initiatives aligning to ISMS policy.
- Lead Cybersecurity projects - define, roadmap, implement and regularly report the status, blockers, successes and failures along the timeline of the projects.
- Research and author a set of security reference architecture documents for the secure development of new products and services. Communicate to and work with the Product Engineering and DevOps Teams to uphold the reference requirements.
- Perform vulnerability, endpoint, and configuration management scans - assess, communicate and manage the results through to remediation, maintaining the usability and effectiveness of these systems at all times.
- Build adequate reporting across all systems pulling together key metrics to be reported to the Head of Information Security & Data Protection as well as the wider business.
- Lead annual and ad-hoc third-party penetration testing engagements - support the Product Engineering Team to review and communicate weaknesses and vulnerabilities leading to remediation and reporting.
- Review and lead on security incident response management and procedures, including evaluating and reporting on the business impact of security threat trends.
- Actively monitor multiple systems, services, and incident reports to separate the signals from the noise. Build a business case for automated or manned 24/7 SOC with third-party and/or off-shore assistance.
- Perform threat modelling and document the risks and mitigations, systems, and controls.
- Work with the Information Security Officer to document key security non-conformities leading to improved security configuration controls, resilience, and maintenance procedures.
- Assist in the management and update of information security policy (ISMS) where it relates to new standards, best practices, compliance and regulatory requirements in cybersecurity.
- Play an active role in risk management, working with risk and compliance to articulate and assist in documenting cybersecurity risks on the enterprise risk register.
- Use your technical expertise and experience to input into the Salary Finance Information Security Strategy.
- You have previous experience with the NIST Cybersecurity Framework.
- You have experience using Google Workspace (formerly G Suite), JIRA, Confluence and Lucidchart.
- You have experience configuring and managing Google Workspace Admin, Netskope, ESET Cloud, ManageEngine Desktop Central, JumpCloud SSO.
- You have implemented and managed the CIS Benchmarks for CIS Amazon Web Services.
- You hold one (or more) security qualifications and memberships (e.g. CISSP, CISA, AWS Security Specialist, Security+, etc.)
- Experience with ISO 27001/2, within a certified environment or as an auditor.
- You have previous experience in providing assistance in CI/CD security tooling - code scanning, build vulnerability scanning, code coverage, deployment orchestration, automation, and automated security configuration management.
- You have a master's degree (MSc) in a Cyber or Information Security related domain.
What’s in it for you?
- Competitive salary
- Company bonus scheme
- Regular company socials
- Fast-growing environment
- Career development
- Generous company benefits including a pension scheme, health and life assurance, 25 days holiday, an extra day off on your birthday, subsidised onsite cafe, complimentary team breakfast every Tuesday, complimentary fresh fruit, cycle to work scheme, gym discount (with PMI), childcare benefits, and many other perks!
We’re looking for people that will get stuck in and make a difference. We have a great collaborative, entrepreneurial team that are passionate about what they do. If you want to join a team that is changing people’s lives for the better then we’d love to hear from you.
Learn more at salaryfinance.com
Salary Finance is proud to be an equal opportunities employer. We celebrate diversity and are committed to creating an inclusive work environment where all employees and applicants can flourish.