Cyber Security & Compliance Manager

The Cyber Security & Compliance Manager is responsible for day-to-day management of Calastone’s technical cyber security environment. This hands-on role has overall responsibility for ensuring Calastone applies the appropriate level of cyber security controls for a leading financial technology business, and will work alongside teams outside of technology to maintain ongoing best practice and compliance.

Key Responsibilities

  • Implement and manage the adherence to Calastone’s cyber security strategy
  • Deal with any security incidents that may arise and work to achieve a positive outcome in the shortest possible timeframe
  • Conduct ongoing security threat, risk, capability and/or maturity assessments
  • Oversee technical solutions to address specific security challenges
  • Conduct research to keep up to date with the latest threats and mitigations
  • Collaborate with third-party vendors to ensure we have suitable additional retained specialist resource (e.g. IT forensic analysis; penetration testing; security auditing)


Required Knowledge & Experience

  • Professional information security experience (i.e. operational or consultancy)
  • A good understanding of IT infrastructure fundamentals such as networks, operating systems and databases
  • Any cyber/information security certification (e.g. CISSP, CISA, CISM, GIAC)
  • Experience or understanding of security legislation and regulatory frameworks (e.g. DPA, PCI-DSS, RIPA, PSD)
  • Experience or understanding of security methodologies and industry standards (e.g. ISO27001, NIST, CSA)
  • Knowledge of application security requirements and benchmarks (e.g. OWASP top 10; CWE/SANS top 25)
  • Knowledge of security technologies (e.g. AV, SIEM, IDM, IPS, F/W, SSO, DLP)
  • Knowledge of security assessment frameworks (e.g. threat modelling, controls assessment, risk assessment)
  • Experience working in a financial services organisation or time-critical environment such as manufacturing
  • Understanding of the basic requirements of GDPR and MiFID II would be advantageous 


Person Specification

  • Passionate about evangelising cyber security best practices
  • Understands key business drivers and can inform and influence key stakeholders
  • Always calm and focused under pressure and able to positively direct colleagues and service partners
  • Takes ownership of problems and leads by example, through to root cause identification
  • Highest levels of professionalism, honesty and integrity
  • Clear and precise in written, oral and diagrammatic forms
  • Willing to travel internationally occasionally to meet with remote team members

Experience – 8-10 Years in a cybersecurity management role