Wealth Dynamix logo

Information Security Manager - Fintech - Hybrid

Wealth Dynamix
2 days ago
Full-time
On-site
London, London, City of, United Kingdom
Cybersecurity & Compliance

Information Security Manager  - Fintech - Hybrid   


Calling highly motivated, bright candidates who are looking for a career at an exciting award winning FinTech firm!


Company: Wealth Dynamix

Role: Information Security  Manager

Location: London

Start Date: August 2026


Would you like to join one of the fastest growing FinTech firms in Europe? We are looking for an analytical self starter with experience in product focussed software delivery. If you are passionate about digital transformation and keen to learn about delivering the market leading Client Lifecycle Managing solution to the Wealth Management industry,? apply now!


Who are we?


  • Wealth Dynamix helps to relieve the burden client management issues for wealth management and private banking firms with innovative technology.
  • We provide Relationship Managers with a multi-award winning digital Client Lifecycle Management (CLM) platform, offering 360-degree access to their client.
  • We are a global leader in end-to-end CLM, Wealth Dynamix has offices and clients in three continents with headquarters in the UK.


What is the role?


  • The role is accountable for defining, operating and evidencing the information security governance framework. Technology and Engineering teams remain responsible for implementing and operating technical controls, subject to oversight, assurance and challenge from the Information Security function.


Purpose of Role


  • The Information Security Manager owns the company’s information security governance, risk and compliance programme, including the ISMS, client security assurance, security policy framework, incident governance, supplier security assurance, and security reporting. The role works closely with Technology, Product, Operations, Legal and senior leadership to ensure the company’s products, services and operations meet internal, regulatory, contractual and client security expectations.
  • The role provides security input into privacy compliance activities and works with the DPO on UK GDPR and EU GDPR obligations, DPIAs, data protection by design and incident response. The role is not the statutory DPO unless separately appointed.
  • The role reports to the COO and ultimately to the WDX Board.


Responsibilities


ISMS & IS Programme

  • Maintain and continuously improve the Information Security Management System, firmwide information security programme, security policies, certifications and control framework, aligned to ISO 27001, SOC 2, DORA-related customer obligations, applicable financial services expectations and Crédit Agricole Group requirements.
  • Partner with Product, Engineering and Technology teams to embed security into the software development lifecycle, including secure design reviews, threat modelling, secure coding standards, dependency scanning, SAST/DAST tooling, secrets management, application/API penetration testing, vulnerability remediation tracking and release security governance.
  • Support DORA-related client and contractual obligations for EU financial services customers, including ICT risk management evidence, incident response and notification processes, resilience testing, ICT third-party risk controls, subcontractor oversight, exit planning and audit evidence.
  • Provide security governance over cloud and SaaS environments, including identity and access management, logging and monitoring, encryption, key management, backup, tenant segregation, environment segregation, secure configuration and cloud security posture management.
  • Own and test the security incident response framework, including severity classification, escalation, communications, evidence preservation, lessons learned and remediation tracking.
  • Support Legal and Sales teams in reviewing client and supplier contract clauses relating to information security, privacy, audit rights, incident notification, resilience, subcontracting and data protection.


Audit & Budgets

  • Coordinate internal, external, client and certification audits, including audit planning, evidence collection, stakeholder coordination, finding remediation and management reporting.
  • Manage the information security budget, including security tooling, external assurance, certifications, training and specialist advisory support, in line with agreed financial controls.
  • Operate a risk-based third-party security assurance framework covering supplier onboarding, periodic reassessment, critical supplier classification, contractual security controls, subcontractor/sub-processor oversight, supplier incident monitoring and exit arrangements.
  • Own the client security assurance process, including security questionnaires, RFP/RFI responses, client audits, evidence packs, ISO 27001/SOC 2 artefacts, penetration test summaries, contractual security schedules and remediation tracking.


Security Awareness & Planning

  • Plan and maintain the annual security roadmap for the company.
  • Determine whether emerging technology or market trends pose a security risk to the company.
  • Provide quarterly security updates to the Board, including risk posture, material vulnerabilities, incident trends, control maturity and alignment to risk appetite.
  • Provide monthly updates to the Executive Committee on security roadmap delivery, key risks, incidents, audit actions, supplier risks and control performance.
  • Provide security awareness training to employees to help them identify potential threats and understand how to protect themselves from harm.
  • Support the Board and Executive Committee in understanding cyber risk, regulatory expectations, risk appetite, material control gaps and their governance responsibilities.


Others

  • Undertake any such duties required to continuously improve the Company Information Security Management System and set high standards and levels of compliance related to Information Security.
  • Develop and report security KPIs/KRIs, including vulnerability remediation, patch compliance, access review completion, audit action closure, supplier assurance status, incident trends, phishing performance, training completion and control exceptions.
  • Partner with Technology and Operations to maintain and evidence business continuity, disaster recovery and digital operational resilience controls, including dependency mapping, backup/restore testing, RTO/RPO validation, and remediation tracking.


Why should you apply?


  • This is a fantastic opportunity to work in a growing FinTech environment with excellent career progression available.
  • With a global client base the role offers an opportunity to experience a wide variety of digital transformation projects – each with their own unique requirements and opportunities.
  • We take career progression seriously, with investment into the WDX Academy for new and existing employee learning and development.
  • You will learn a lot with exposure to multiple complex client needs.


Who is best suited to this role?


Essential

  • Demonstrable experience owning or materially operating an ISO 27001-aligned or certified ISMS
  • Experience supporting SOC 2, client security assurance, external audits or certification evidence processes.
  • Strong understanding of information security risk management, control assessment, risk treatment and governance reporting.
  • Experience coordinating security incident response governance, including escalation, communications and remediation tracking.
  • Experience operating or improving supplier security assurance and third-party risk processes.
  • Ability to report security risks, control performance and remediation priorities to senior stakeholders, including ExCo or Board-level audiences.
  • Experience in a SaaS, fintech, financial services, regulated technology or B2B enterprise software environment.


Desirable

  • Exposure to DORA, FCA operational resilience, outsourcing/third-party risk or financial services client assurance requirements.
  • Experience with Microsoft Dynamics, Azure security, SaaS platforms or Microsoft cloud security controls.
  • Working knowledge of UK GDPR/EU GDPR and privacy-by-design principles.
  • Familiarity with secure SDLC, application security testing, DevSecOps or product security governance.

 

Qualifications

  • Relevant professional certification such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor or equivalent experience.
  • Degree in cybersecurity, computer science, risk management or a related discipline, or equivalent practical experience.


We believe we offer career defining opportunities and are on a journey that will build awesome memories in a diverse and inclusive culture. If you are looking for more than just a job, get in touch.