Information Security Lead

About VFX

VFX is a fast-growing FinTech simplifying global trading and cash management for businesses worldwide. We remove complexity so clients can transact globally with confidence. Our tailored, secure, and efficient solutions span FX and international payments, multi-currency accounts, and integrations that make global operations effortless.

With six offices, five regulatory licences, and an 83% CAGR over the past three years, we’re scaling fast and earning industry recognition along the way - including CNBC UK's Top Fintech Companies for 2025, Wealth & Finance FinTech Awards 2025, and the Business Growth Award from Business Awards UK. Behind it all is a team of ambitious VFXers who think like founders, never stop learning, and go the extra mile to help our clients succeed.

About the Role

The Information Security Lead will take ownership of VFX’s security governance, risk management, and operational resilience, ensuring compliance with frameworks, such as DORA/Ops Res. You’ll oversee vulnerability management, SOC operations (whether internal or outsourced), vendor security, and regulatory readiness.

A key part of the role will be implementing Microsoft Sentinel as the SIEM platform and managing SOC operations day to day. You’ll also support data security, resilience planning, secure development practices, and provide board-level infosec reporting. Experience with ISO 27001 and SOC 2 is highly desirable.

Location

This role can be based in either the UK or Portugal. We’re open to fully remote candidates in both locations, though you’re also welcome to work from our offices in London or Portimão.

Key Responsibilities

Governance & Risk Oversight

• Define and enforce security governance policies across Azure and enterprise systems.
• Maintain and update the IT risk register, ensuring risks are tracked, prioritized, and mitigated.
• Drive compliance with DORA, GDPR, and fintech regulatory obligations.
• Contribute to initiatives for ISO 27001 and SOC 2 readiness.
• Provide regular reporting to leadership and the board on security posture, KPIs, and risk trends

Security Operations & Incident Response

• Implement and configure Microsoft Sentinel as the company’s SIEM.
• Manage the SOC function (whether internal or delivered by a vendor), ensuring SLA compliance and effective detection/response.
• Act as the internal escalation point for SOC alerts and incidents.
• Lead incident response planning, post-mortems, and resilience testing.
• Collaborate with Infrastructure team on business continuity and disaster recovery (BCP/DR) from a security perspective.

Vulnerability & Attack Surface Management

• Lead the vulnerability management lifecycle, coordinating remediation with Infra/Dev teams.
• Oversee attack surface monitoring, penetration testing, and red team activities.
• Ensure vulnerabilities are prioritized based on business risk.

Data Security & Privacy

• Oversee data security strategy, including classification, encryption, retention, and privacy-by-design.
• Ensure compliance with data protection laws (GDPR) and industry standards (PCI DSS).

Vendor & Third-Party Security

• Manage relationships with SOC providers, penetration testers, and auditors.
• Conduct third-party risk assessments and due diligence on critical vendors.

Security Awareness & Culture

• Champion DevSecOps practices, including code scanning, pipeline security, and secure design reviews.
• Run security awareness programs and phishing simulations across the company.
• Act as the security point of contact for regulators, auditors, investors, and key clients.

Candidate Profile

Qualifications & Experience

• 5+ years in IT Security, Cybersecurity, or Risk Management roles.
• Strong knowledge of Azure security governance and controls (in partnership with Cloud Architect).
• Hands-on experience with SIEM implementation (Microsoft Sentinel preferred).
• Experience with SOC operations (internal or vendor-managed).
• Knowledge of vulnerability management, incident response, and risk frameworks.
• Familiarity with DORA, GDPR, and fintech regulatory frameworks.
• ISO 27001 and SOC 2 experience preferable (certification, audit prep, or implementation).

Soft Skills

• Strong communicator, able to govern SOC vendors or lead internal SOC teams.
• Pragmatic, risk-based decision maker with business alignment.
• Calm, structured, and decisive in incident response situations.
• Ability to engage business leaders, regulators, and external partners effectively.

Benefits at VFX

We offer more than just perks — we offer ownership.

Our benefits include:

• Generous Profit Share Plan (PSP)
• Equity via the Company Share Option Plan (CSOP)
• Competitive salary
• Annual all-expenses paid company incentive trip abroad
• Flexible learning & development budget

PSP & CSOP Details

At VFX, the biggest benefit is the opportunity to act like an owner. Through our Profit Share Scheme (PSP) and Company Share Option Plan (CSOP), every team member has a chance to own a stake in the business and share in the profits.

To show you what that looks like, in 2024, PSP participants received over $1,000,000 USD. From those distributions, more than 80% of eligible VFXers chose to become shareholders — a powerful reflection of the belief and commitment that drives VFX forward.

If you care about building something meaningful, take pride in your work, and are motivated by impact — you’ll thrive here.