Information Security Risk Specialist
Garanti BBVA International
AzureCloudCyber Security
Information Security Lead
VFX Financial
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇬🇧 United Kingdom
Visit company websiteJob Level
Senior
Tech Stack
AzureCyber Security
About the role
- Define and enforce security governance policies across Azure and enterprise systems
- Maintain and update the IT risk register, ensuring risks are tracked, prioritized, and mitigated
- Drive compliance with DORA, GDPR, and fintech regulatory obligations
- Contribute to initiatives for ISO 27001 and SOC 2 readiness
- Provide regular reporting to leadership and the board on security posture, KPIs, and risk trends
- Implement and configure Microsoft Sentinel as the company’s SIEM
- Manage the SOC function (internal or vendor), ensuring SLA compliance and effective detection/response
- Act as the internal escalation point for SOC alerts and incidents
- Lead incident response planning, post-mortems, and resilience testing
- Collaborate with Infrastructure on business continuity and disaster recovery (BCP/DR) from a security perspective
- Lead the vulnerability management lifecycle and coordinate remediation with Infra/Dev teams
- Oversee attack surface monitoring, penetration testing, and red team activities
- Oversee data security strategy including classification, encryption, retention, and privacy-by-design
- Ensure compliance with data protection laws (GDPR) and industry standards (PCI DSS)
- Manage relationships with SOC providers, penetration testers, and auditors and conduct third-party risk assessments
- Champion DevSecOps practices, run security awareness programs and phishing simulations
- Act as the security point of contact for regulators, auditors, investors, and key clients
Requirements
- 5+ years in IT Security, Cybersecurity, or Risk Management roles
- Strong knowledge of Azure security governance and controls
- Hands-on experience with SIEM implementation (Microsoft Sentinel preferred)
- Experience with SOC operations (internal or vendor-managed)
- Knowledge of vulnerability management, incident response, and risk frameworks
- Familiarity with DORA, GDPR, and fintech regulatory frameworks
- ISO 27001 and SOC 2 experience preferable (certification, audit prep, or implementation)
- Strong communicator able to govern SOC vendors or lead internal SOC teams
- Pragmatic, risk-based decision maker with business alignment
- Calm, structured, and decisive in incident response situations
- Ability to engage business leaders, regulators, and external partners effectively
Benefits
- Generous Profit Share Plan (PSP)
- Equity via the Company Share Option Plan (CSOP)
- Competitive salary
- Annual all-expenses paid company incentive trip abroad
- Flexible learning & development budget
- Opportunity to act like an owner through PSP & CSOP
ATS Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Azure security governanceSIEM implementationvulnerability managementincident responserisk managementpenetration testingdata security strategyattack surface monitoringencryptionprivacy-by-design
Soft skills
strong communicatorpragmatic decision makercalm in incident responsestructured approachdecisiveability to engage stakeholdersleadershipcollaborationrisk-based decision makingsecurity awareness
Certifications
ISO 27001SOC 2
