Information Security Manager

As the senior security leader in the business, you will be responsible for providing the vision, strategy, and execution for all aspects of security and data protection.

This is a high-impact role where you will be the go-to expert for our teams, clients, and partners, ensuring our cutting-edge platform remains secure, compliant, and resilient against emerging threats. You will report directly to senior management and play a key part in our continued growth and success.

Key responsibilities

• Lead and maintain our ISO 27001 certified Information Security Management System (ISMS), driving a culture of continuous improvement.
• Own and manage our annual PCI-DSS v4.0 assessment, acting as the primary point of contact for our QSA.
• Develop and execute the security roadmap, evaluating and implementing new tools and technologies to enhance our security posture (e.g., WAF, Cloud Security Posture Management).
• Oversee our comprehensive vulnerability management program, including managing third-party penetration tests and interpreting results from vulnerability scanning.
• Own and enhance our third-party supplier security due diligence program.
• Develop, review, and maintain our suite of security policies, procedures, and our Disaster Recovery and Business Continuity plans.
• Act as the primary security subject matter expert for prospective clients, auditors, and internal teams.
• Provide leadership and technical guidance on the security of our modern, cloud-native environment, built on Google Cloud Platform (GCP) and Kubernetes (GKE).

Your skills & experience include

Essential

• Proven experience in a senior information security role (e.g., InfoSec Manager, Senior InfoSec Analyst).
• Deep, practical expertise in developing, implementing, and managing an ISO 27001 certified ISMS.
• Expert-level knowledge and hands-on experience leading assessments against the PCI DSS v4.0 standard, preferably for a cloud-native service provider.
• A strong, fundamental understanding of modern cloud security principles and architectures.
• Excellent communication skills, with the ability to articulate complex security concepts to technical teams, senior management, and clients with clarity and confidence.

Desirable

• Hands-on experience securing GCP environments is highly desirable.
• Practical knowledge of container security and orchestrators like GKE.
• Experience working in a fast-paced FinTech or SaaS environment.
• Relevant industry certifications (e.g., CISSP, CISM, CISA, or a GCP Security certification).

Why work with Flexys?

Flexys is an award-winning fintech that is revolutionising the credit and collections industry. Our modern, cloud-native platform helps our clients to "collect more, faster" by providing intelligent, data-driven, and customer-centric solutions. We are a technology-first company with a collaborative culture, building a market-leading platform on a modern, scalable tech stack.

Flexys are an equal opportunities employer and believe that diversity enhances our culture and our products.

Our culture is underpinned by our five core values: 

• We are fearless: We are not afraid to challenge the status quo and we are courageous in our ambition. 
• We always seek to innovate: We apply new ideas, fresh thinking and decades of subject matter expertise to deliver better client outcomes.
• We demonstrate integrity: We do the right thing and evidence this by being self-critical, open and transparent.
• We are passionate: We care about what we do and are dedicated to delivering great outcomes. 
• We are committed to client success: We have a relentless focus on excellence and always strive to exceed expectations. 

‍

If this sounds like you, we want to hear from you.

‍

Interested? Get in touch at careers@flexys.com

‍

We do not require help from recruitment agencies or individuals at this time, thank you.

‍