About VFX

For businesses navigating the complexities of global payments and treasury management, finding fast, reliable solutions can be a challenge. VFX removes the barriers to seamless cross-border transactions, offering tailored, secure, and efficient banking and treasury services.

Whether it’s corporate accounts, FX and payment services, or offering the right software and integrations to meet your business needs, VFX experts tailor the right solution every time. Behind these services is a team of ambitious VFXers who think like founders, never stop learning, and go the extra mile to help our clients succeed.

About the Role

The Information Security Lead will take ownership of VFX’s security governance, risk management, and operational resilience, ensuring compliance with frameworks, such as DORA/Ops Res. You’ll oversee vulnerability management, SOC operations (whether internal or outsourced), vendor security, and regulatory readiness.

A key part of the role will be implementing Microsoft Sentinel as the SIEM platform and managing SOC operations day to day. You’ll also support data security, resilience planning, secure development practices, and provide board-level infosec reporting. Experience with ISO 27001 and SOC 2 is highly desirable.

Location
This role can be based in either the UK or Portugal. We’re open to fully remote candidates in both locations, though you’re also welcome to work from our offices in London or Portimão.

Key Responsibilities

Governance & Risk Oversight

• Define and enforce security governance policies across Azure and enterprise systems.

• Maintain and update the IT risk register, ensuring risks are tracked, prioritized, and mitigated.

• Drive compliance with DORA, GDPR, and fintech regulatory obligations.

• Contribute to initiatives for ISO 27001 and SOC 2 readiness.

• Provide regular reporting to leadership and the board on security posture, KPIs, and risk trends

Security Operations & Incident Response

• Implement and configure Microsoft Sentinel as the company’s SIEM.

• Manage the SOC function (whether internal or delivered by a vendor), ensuring SLA compliance and effective detection/response.

• Act as the internal escalation point for SOC alerts and incidents.

• Lead incident response planning, post-mortems, and resilience testing.

• Collaborate with Infrastructure team on business continuity and disaster recovery (BCP/DR) from a security perspective.

Vulnerability & Attack Surface Management

• Lead the vulnerability management lifecycle, coordinating remediation with Infra/Dev teams.

• Oversee attack surface monitoring, penetration testing, and red team activities.

• Ensure vulnerabilities are prioritized based on business risk.

Data Security & Privacy

• Oversee data security strategy, including classification, encryption, retention, and privacy-by-design.

• Ensure compliance with data protection laws (GDPR) and industry standards (PCI DSS).

Vendor & Third-Party Security

• Manage relationships with SOC providers, penetration testers, and auditors.

• Conduct third-party risk assessments and due diligence on critical vendors.

Security Awareness & Culture

• Champion DevSecOps practices, including code scanning, pipeline security, and secure design reviews.

• Run security awareness programs and phishing simulations across the company.

• Act as the security point of contact for regulators, auditors, investors, and key clients.

Candidate Profile

Qualifications & Experience

• 5+ years in IT Security, Cybersecurity, or Risk Management roles.

• Strong knowledge of Azure security governance and controls (in partnership with Cloud Architect).

• Hands-on experience with SIEM implementation (Microsoft Sentinel preferred).

• Experience with SOC operations (internal or vendor-managed).

• Knowledge of vulnerability management, incident response, and risk frameworks.

• Familiarity with DORA, GDPR, and fintech regulatory frameworks.

• ISO 27001 and SOC 2 experience preferable (certification, audit prep, or implementation).

Soft Skills

• Strong communicator, able to govern SOC vendors or lead internal SOC teams.

• Pragmatic, risk-based decision maker with business alignment.

• Calm, structured, and decisive in incident response situations.

• Ability to engage business leaders, regulators, and external partners effectively.

Benefits at VFX

We offer more than just perks — we offer ownership.

Our benefits include:

• Generous Profit Share Plan (PSP)

• Equity via the Company Share Option Plan (CSOP)

• Competitive salary

• Annual all-expenses paid company incentive trip abroad

• Flexible learning & development budget

PSP & CSOP Details

At VFX, the biggest benefit is the opportunity to act like an owner. Through our Profit Share Scheme (PSP) and Company Share Option Plan (CSOP), every team member has a chance to own a stake in the business and share in the profits.

To show you what that looks like, in 2024, PSP participants received over $1,000,000 USD. From those distributions, more than 80% of eligible VFXers chose to become shareholders — a powerful reflection of the belief and commitment that drives VFX forward.

If you care about building something meaningful, take pride in your work, and are motivated by impact — you’ll thrive here.