CISO managing the information security program at Sokin, a B2B financial services provider. Leading strategy, compliance, and security operations across global operations.
Responsibilities
Define and execute the enterprise information security strategy aligned with business objectives
Establish and maintain the Information Security Management System (ISMS) to support constant certification readiness with PCI DSS, ISO 27001 and SOC2
Own security policies, standards, and procedures across the organisation
Report to the Board and senior leadership on security posture, risk exposure and programme maturity
Manage security budget and resource allocation
Lead enterprise security risk assessments and maintain the infosec item on the risk register
Ensure compliance with FCA operational resilience requirements and SYSC guidelines
Maintain PCI-DSS Level 1 compliance across payment processing infrastructure
Oversee GDPR, UK Data Protection Act, and international privacy compliance
Manage relationships with external auditors, penetration testers, and regulatory bodies
Lead third-party vendor security assessments and due diligence
Build and lead the Security Operations Centre (SOC) function
Establish incident response capabilities and lead major security incident management
Implement and manage SIEM, EDR, vulnerability management, and threat intelligence platforms
Oversee identity and access management (IAM) strategy and privileged access management (PAM)
Drive security monitoring and alerting across cloud and on-premise infrastructure
Embed security into the SDLC through secure development practices and DevSecOps
Lead application security programme including SAST, DAST, SCA, and code review processes
Secure AWS cloud infrastructure using native and third-party security tooling
Ensure secure API design and implementation for payment integrations
Manage secrets management, encryption standards, and key management practices
Own business continuity and disaster recovery planning from a security perspective
Lead security aspects of operational resilience testing and scenario planning
Ensure adequate backup, recovery, and failover capabilities for critical systems
Build security awareness programme including phishing simulations and training
Foster a security-conscious culture across engineering, product, and business teams
Recruit, develop, and retain security talent
Requirements
10+ years in information security with 5+ years in senior security leadership roles
Experience in regulated financial services (payments, banking, or fintech)
Track record of building and leading security teams in scale-up environments
Experience with FCA regulation, PCI-DSS compliance, and financial services audits
Hands-on experience with security incident response and crisis management
Deep knowledge of AWS security services (GuardDuty, Security Hub, WAF, KMS, CloudTrail, Config)
Experience with containerised environments (EKS/Kubernetes) and serverless security
Strong understanding of network security, zero trust architecture, and micro-segmentation
Proficiency with SIEM platforms (Splunk, Datadog Security, or equivalent)
Information security consultant for management consulting at UIMC Dr. Voßbein GmbH. Setting up ISMS, audits and training for clients in Germany.
Security Intern providing support and administrative duties for the Global Security Services team at RTX. Collaborating on security projects and drafting documentation at a leading aerospace and defense company.
Senior Safety Technician conducting inspections and managing safety measures for ISA ENERGIA BRASIL. Collaborating with internal teams to ensure compliance with safety regulations and improve practices.
Cybersecurity Engineer responsible for designing and implementing security solutions at NTT DATA Romania. Collaborating with international teams and ensuring robust security architectures across projects.
Cyber Security Manager leading end-to-end cybersecurity services and operations across the region. Ensuring quality delivery and managing a multidisciplinary cybersecurity team.
Cybersecurity Infrastructure Monitoring Engineer designing and improving security solutions at NTT DATA Romania. Managing cloud infrastructure and collaborating with international teams to deliver robust security architectures.
Information Security Engineer working collaboratively to ensure the protection of IT environments. Critical role focusing on threat identification, incident response, and security operations.
Administrative Business Partner supporting leaders within Security function at Palantir Technologies. Managing diverse responsibilities to enhance productivity and support leadership teams.
Providing security consultancy to technical and business stakeholders at Trendyol Tech. Driving improvements in security practices while assessing new projects and establishing security standards.
Administrative Business Partner supporting leadership within Palantir’s Security function. Providing comprehensive administrative support while handling confidential matters in a fast-paced environment.