Information Security Manager

Crown Agents Bank is a vastly growing and regulated UK bank that connects emerging and frontier markets to the rest of the world, using FX and payments technology. We are transforming the way payments and FX move through emerging markets, reducing friction so that more money gets to those who need it. Emerging markets payments are usually challenging, expensive, unreliable and opaque. Our solutions help fix these pain points. Ultimately, we connect traditionally hard-to-reach regions to global financial infrastructure, giving access to the best prices and the fastest, most reliable settlement.

FX and cross-border payments are often complex and expensive, especially when operating in emerging markets. Crown Agents Bank (CAB) wraps its deep and trusted relationships and strength of network around innovative digital capabilities, and cross-border transaction banking solutions to enable fintech, corporates, governments, development organisations and banks to move money to, from, and across often hard-to-reach markets.

The Information Security Manager will play a crucial role in protecting the confidentiality, integrity, and availability of our systems and data. You'll work across the business to support secure delivery of projects, conduct thorough risk assessments, oversee third-party security engagements, and contribute to shaping our evolving security posture.

This is a hands-on role ideal for someone who enjoys both strategic thinking and rolling up their sleeves to get things done.

1. Advise and support project teams to embed security best practices throughout the project lifecycle.
2. Scope, manage, and track remediation of penetration testing and vulnerability assessments.
3. Maintain application security processes, standards and guidelines. Translate application security policies into security requirements.
4. Conduct and document security risk assessments on changes, threats, vulnerabilities, and new initiatives.
5. Perform third-party vendor risk assessments and ongoing security reviews.
6. Assist in identifying and assessing new security technologies and vendors.
7. Lead or support the response to security incidents, including investigation, containment, root cause analysis, and reporting. Work with internal teams to continuously improve incident response processes.
8. Support compliance and alignment with ISO 27001, Cyber Essentials, SWIFT, NIST and other relevant frameworks.
9. Communicate effectively with various stakeholders including engineers, product managers, operations team, senior management, and auditors about the information security posture, risks, and mitigation strategies.

• Bachelor's degree or higher in Computer Science or equivalent.
• CISSP certification required; additional certifications (e.g. CEH, OSCP, AWS Security) are a plus.

Experience:

• Minimum of 8 years' experience in information security roles, ideally in the financial sector.
• Experience working with ISO 27001, Cyber Essentials, and preferably NIST CSF, SOC 2, or SWIFT frameworks.
• Strong understanding of security in the context of software development and application security (OWASP, SDLC, DevSecOps).
• Hands-on, pragmatic approach with the ability to operate in a lean, fast-paced environment.
• Excellent communication skills, with the ability to engage both technical and non-technical stakeholders.
• Innovative mindset with a passion for staying current in the ever-evolving cyber landscape.
• Experience working in or with regulated financial institutions is desirable.

• Contributory personal pension plan: - Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
• Life Assurance – 4 times annual salary
• Group Income Protection
• Private Medical Insurance – this may include cover for partner and or children at company cost. Cover includes Optical, Dental and Audiology