Chief Information Security Officer

About Us: The FNZ Group is committed to making wealth accessible to everyone, everywhere. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations.
We partner with over 650 financial institutions and 12,000 wealth managers, with US$1.5 trillion in assets under administration (AUA). Together with our customers, we help over 20 million people from all wealth segments to invest in their future.

Job Description: We are seeking an experienced Application Security Engineer to join our Global Cyber Information Security team. In this role, you will work closely with our developers to embed security measures and tooling across our application platforms, contributing to the development of secure products.
The successful candidate will have experience in Information Security using DevSecOps tooling like GitHub, CI/CD, application security, and threat modeling. They will also possess strong collaboration skills, experience in SDLC security integration, vulnerability assessment, and risk management.

Main Responsibilities:

Provide guidance and oversight to development teams on secure coding practices and application security best practices.
Conduct security reviews, including code and design reviews to identify design flaws and vulnerabilities.
Contribute to and maintain a threat modelling framework and review.
Develop and maintain security standards, and procedures for application security.
Collaborate with cross-functional teams to design, implement, and maintain security controls for our applications.
Stay up to date with the latest security threats, vulnerabilities, and countermeasures in order to continuously improve our application security posture.
What We're Looking For:

Information Security experience, and experience of working in a regulated environment.
Experience of DevSecOps tooling e.g. GitHub, CI/CD.
Experience in application security engineering, threat modelling and secure coding.
Experience of integrating security into SDLC.
Assessing vulnerability defects.
Good collaboration and communication skills, with experience of working with DevOps and delivery teams.
Familiar with static and dynamic application testing toolsets, including secret scanning and software composition analysis.
Experienced in managing security risk.
Experience in developing and managing formal security documents.
Knowledge of cloud concepts a plus.
Why Join Us? As a valued member of our team, you can expect significant career opportunities within the company. Remuneration and career advancement is based on individual contribution and business impact rather than tenure or seniority. We offer a competitive salary package and a comprehensive benefits program. Read more