ISX Financial is a leading financial technology company that provides secure and efficient payment solutions. We are looking for talented individuals to join our team and hel...
ISX Financial is a leading financial technology company that provides secure and efficient payment solutions. We are looking for talented individuals to join our team and help us continue to innovate in the fintech industry.
ISX Financial UK Ltd is a UK FCA Authorised eMoney Institution (under the Electronic Money Regulations 2011, Firm Reference 901034, for the issuing of electronic money) that provides transactional banking solutions and also multi-currency online payment solutions to businesses around the world. ISX Financial UK Ltd is a wholly owned subsidiary of Xryma Plc and operates independently of its parent.
Join us and be part of a team that is committed to delivering exceptional customer service and innovative solutions shaping the future of finance.
The Role
We are looking for an experienced and hands-on Head of Cyber Security to lead our cyber security function within a fast-growing, FCA-regulated fintech environment. You will be responsible for defining and delivering our cyber security strategy, protecting critical business services, and ensuring our security posture supports both business growth and regulatory compliance.
You are required to combine strong technical expertise with proven leadership, governance, and stakeholder management skills, enabling you to translate cyber risk into business decisions while fostering a security-first culture across the organisation. You will work closely with IT, Engineering, DevOps, Product Management and Risk teams to ensure cyber security is embedded into every stage of technology delivery and business operations.
This is a hands-on leadership role, requiring a strategic thinker who remains technically credible and actively engaged in solving complex security challenges alongside their team. This role offers an excellent opportunity to shape and mature the cyber security capability within a growing FCA-regulated fintech business, while making a significant contribution to the organisations’ long-term success.
Key Responsibilities
- Developing, implementing and continually improving the organisation’s cyber security strategy, roadmap and governance framework.
- Maintaining compliance with FCA regulatory expectations and international security standards including PCI DSS, ISO 27001, DORA, PSD2, NIST and CIS Controls.
- Building and maintaining an effective cyber security governance framework, including policies, standards, risk management processes and security metrics.
- Leading enterprise cyber risk management, maintaining security risk registers, assessing emerging threats, and providing regular reporting to senior leadership and Board committees.
- Protecting sensitive customer and business data by implementing effective identity, access management and data protection controls.
- Leading the design and implementation of secure cloud, infrastructure and application architectures in partnership with Engineering, DevOps, Product and Infrastructure teams.
- Embedding security throughout the software development lifecycle by implementing secure-by-design principles, threat modelling, code security, automated testing and DevSecOps practices.
- Leading cyber incident response, crisis management, threat intelligence, vulnerability management and continuous security monitoring activities.
- Driving operational resilience initiatives, including Business Continuity, Disaster Recovery planning, cyber resilience testing and tabletop exercises.
- Managing third-party cyber risk, supplier assurance and security due diligence for strategic technology partners.
- Defining meaningful security KPIs and KRIs, reporting organisational cyber risk and security performance to executive leadership and Board stakeholders.
- Managing relationships with regulators, auditors, certification bodies and external security partners.
- Leading, mentoring and developing the cyber security team while fostering a strong security culture across the organisation.
- Acting as the organisations’ trusted cyber security advisor, contributing to business informed decisions.
Essential Requirements
- Minimum 8 years' experience in cyber security, with at least 3–5 years leading cyber security teams within financial services, fintech, payments, banking or another highly regulated environment.
- Demonstrable experience working within an FCA-regulated organization or a similarly regulated financial services environment, with a strong understanding of regulatory expectations, operational resilience and cyber risk management.
- Proven experience developing and delivering a cyber security strategy aligned to business objectives, regulatory requirements and industry best practice.
- Experience implementing and maintaining cyber security governance frameworks, policies, standards, procedures and security roadmaps.
- Experience managing security programs aligned to recognized frameworks such as PCI DSS, ISO 27001, NIST CSF, CIS Controls, SOC 2, DORA, PSD2 and SWIFT CSCF (where applicable).
· Experience leading regulatory, customer and certification audits, including managing relationships with regulators, external auditors and internal audit functions.
· Excellent knowledge of English - verbal and written communication skills.
Nice-to-have Requirements
- Strong understanding of secure software development, DevSecOps and application security, including secure SDLC, CI/CD security, SAST, DAST, Software Composition Analysis (SCA), container security, API security and threat modelling.
- Strong technical knowledge of Identity and Access Management (IAM), Identity Providers (IdP), Single Sign-On (SSO), Privileged Access Management (PAM), Conditional Access and Zero Trust security principles.
- Experience implementing and optimising enterprise security technologies including SIEM, EDR/XDR, vulnerability management, endpoint protection, cloud security tooling, security monitoring and threat intelligence platforms.
- Strong understanding of cyber threat frameworks including MITRE ATT&CK, Cyber Kill Chain and the evolving cyber threat landscape affecting financial institutions.
- Experience managing third-party and supplier cyber security risk, including due diligence, security assessments and ongoing assurance activities.
- Demonstrated ability to recruit, mentor and develop high-performing cyber security teams while promoting collaboration across Technology, Product and Business functions.
- Excellent communication skills with the ability to present technical concepts, security risks and strategic recommendations to executive leadership, Board members and non-technical stakeholders.
*****
All applications will be treated with the strictest confidence. Personal information provided by applicants will be used solely for recruitment and selection purposes and will be handled in accordance with applicable data protection and privacy laws.
Due to the high volume of applications received, only shortlisted candidates will be contacted.
To find out more about how we process your data, please read our privacy policy (Privacy Notice & Disclosure section) at
https://www.isx.financial/legalprivacyeu#:~:text=Privacy%20Notice%20%26%20Disclosure
Please note that our company works with recruitment agencies on a pre-approved basis only. A recruitment agency that wishes to submit candidate profiles or resumes for consideration must obtain prior written consent from our HR team.
We do not accept unsolicited resumes from recruitment agencies, and we will not be responsible for any fees related to unsolicited CVs.