About VFX VFX Financial is one of the UK's fastest-growing FinTechs, helping complex organisations move, manage, and protect money across borders.
Built for specialist sectors, multi-jurisdiction structures, and high-compliance environments, we support businesses whose needs go beyond standard banking.
We're selective about who we work with because exceptional service requires focus and commitment.With six international offices, five regulatory licences, and an 83% CAGR over the past three years, we're scaling rapidly and earning industry recognition along the way — including the Financial Times FT****: Europe's Fastest Growing Companies ****, CNBC UK's Top Fintech Companies ****, Wealth & Finance FinTech Awards ****, and the Business Growth Award from Business Awards UK.Behind it all is a team of ambitious VFXers united by collective ownership, a focus on growth, and a shared passion for solving complex problems.About the Role The Information Security Lead will take ownership of VFX's security governance, risk management, and operational resilience, ensuring compliance with frameworks, such as DORA/Ops Res.
You'll oversee vulnerability management, SOC operations (whether internal or outsourced), vendor security, and regulatory readiness.A key part of the role will be implementing Microsoft Sentinel as the SIEM platform and managing SOC operations day to day.
You'll also support data security, resilience planning, secure development practices, and provide board-level infosec reporting.
Experience with ISO ***** and SOC 2 is highly desirable.Location This role can be based in either the UK or Portugal.
We're open to fully remote candidates in both locations, though you're also welcome to work from our offices in London or Portimão.Key Responsibilities Governance & Risk OversightDefine and enforce security governance policies across Azure and enterprise systems.Maintain and update the IT risk register, ensuring risks are tracked, prioritized, and mitigated.Drive compliance with DORA, GDPR, and fintech regulatory obligations.Contribute to initiatives for ISO ***** and SOC 2 readiness.Provide regular reporting to leadership and the board on security posture, KPIs, and risk trends.Security Operations & Incident ResponseImplement and configure Microsoft Sentinel as the company's SIEM.Manage the SOC function (whether internal or delivered by a vendor), ensuring SLA compliance and effective detection/response.Act as the internal escalation point for SOC alerts and incidents.Lead incident response planning, post-mortems, and resilience testing.Collaborate with Infrastructure team on business continuity and disaster recovery (BCP/DR) from a security perspective.Vulnerability & Attack Surface ManagementLead the vulnerability management lifecycle, coordinating remediation with Infra/Dev teams.Oversee attack surface monitoring, penetration testing, and red team activities.Ensure vulnerabilities are prioritized based on business risk.Data Security & PrivacyOversee data security strategy, including classification, encryption, retention, and privacy-by-design.Ensure compliance with data protection laws (GDPR) and industry standards (PCI DSS).
Vendor & Third-Party SecurityManage relationships with SOC providers, penetration testers, and auditors.Conduct third-party risk assessments and due diligence on critical vendors.Security Awareness & CultureChampion DevSecOps practices, including code scanning, pipeline security, and secure design reviews.Run security awareness programs and phishing simulations across the company.Act as the security point of contact for regulators, auditors, investors, and key clients.Candidate Profile Qualifications & Experience5+ years in IT Security, Cybersecurity, or Risk Management roles.Strong knowledge of Azure security governance and controls (in partnership with Cloud Architect).
Hands-on experience with SIEM implementation (Microsoft Sentinel preferred).
Experience with SOC operations (internal or vendor-managed).
Knowledge of vulnerability management, incident response, and risk frameworks.Familiarity with DORA, GDPR, and fintech regulatory frameworks.ISO ***** and SOC 2 experience preferable (certification, audit prep, or implementation).
Soft SkillsStrong communicator, able to govern SOC vendors or lead internal SOC teams.Pragmatic, risk-based decision maker with business alignment.Calm, structured, and decisive in incident response situations.Ability to engage business leaders, regulators, and external partners effectively.Benefits at VFX We offer more than just perks — we offer ownership.Our benefits include:Generous Profit Share Plan (PSP)Equity via the Company Share Option Plan (CSOP)Competitive salaryAnnual all-expenses paid company incentive trip abroadFlexible learning & development budgetPSP & CSOP Details At VFX, the biggest benefit is the opportunity to act like an owner.
Through ourProfit Share Scheme (PSP)andCompany Share Option Plan (CSOP), every team member has a chance to own a stake in the business and share in the profits.To show you what that looks like, in ****, PSP participants received over $1,000,000 USD.
From those distributions, more than 80% of eligible VFXers chose to become shareholders — a powerful reflection of the belief and commitment that drives VFX forward.If you care about building something meaningful, take pride in your work, and are motivated by impact — you'll thrive here.
#J-*****-Ljbffr