Penetration and security testing lead

At FNZ, our purpose is to make wealth management more accessible, bringing easier, fairer and more inclusive solutions to people worldwide. Here in the Global Cyber & Information Security team, we are on a mission to embed cyber resilience across FNZ, protecting the platforms that support investment solutions for over 20 million people.

We are looking for a proven Penetration and security testing lead reporting to the Group Head of Cyber Resilience and Operations.

The role will be responsible for leading a team of application security and penetration testing experts. The team are currently responsible for ensuring that web applications are tested in line with the SDLC processes, including:

• Explaining and prioritising defects identified through pen tests and code reviews

• Onboarding applications to security testing tools

• Facilitating 3rd party penetration tests

The services will be expanding to support increased coverage of penetration tests (i.e. supporting infrastructure and cloud platforms) and ensuring compliance with regulations e.g. DORA for threat prioritised pen testing.

Close alignment with technology and infrastructure colleagues will be required to ensure that security best practices are embedded.

You will have knowledge of the cybersecurity landscape and experience in a complex and evolving environment in regulated financial services across different regions and jurisdictions.

The role requires qualification in penetration testing and experience of web application and infrastructure testing. Knowledge of SDLC processes is required.

Specific Role Responsibilities

• Lead a team of application security consultants, engineers and penetration testers

• Provide oversight and training for penetration testing

• Engagement with IT leaders

• Drive a strategy for penetration testing

• Ideally, experience of red and purple teaming

• Collaborate with development and DevOps teams to provide technical guidance for  implementing security fixes and mitigations to identified defects

• Coordinate the engagement of penetration testers

• Onboard services to security testing tools (e.g. SAST, DAST, IAST) in order to test applications, APIs and mobile applications

• Input into the design and implementation of secure development technology, processes and procedures, identifying areas of improvement.

• Improve earlier engagement of security in design processes

• Support security incident and assessments

• Facilitate threat modelling

Experience required

Primary requirements

• Qualification (e.g. CREST) and sufficient experience in penetration testing to oversee and train penetration testers

• Experience of managing and leading a small team

• Knowledge and ideally experience of application development and testing

• Strong knowledge of web application security frameworks (e.g., OWASP Top 10) and secure coding principles

• Familiarity with programming languages (e.g., Java, .NET, Python, JavaScript)

• Knowledge of industry standards and frameworks (e.g., NIST, CIS, ISO 27001) as they relate to application security

• Strong analytical and problem-solving skills with a keen attention to detail in identifying and addressing data security issues

• Excellent verbal and written communication skills, with the ability to explain complex data security concepts to non-technical stakeholders

• Relevant certifications is required

About FNZ Culture

Our culture is what drives us. It's at the heart of who we are and everything we do. It's what inspires, excites and moves us forward. Our ambition is to create a culture for growth, one that opens up limitless opportunities for our employees, customers and the wider world. At FNZ we know that great impact is only possible with great teamwork.

That’s why we value the strength and diversity of thought in our global team.

The FNZ Way is the cornerstone of what we do. It is comprised of four values that set the standard for how everyone at FNZ interacts with each other, with our customers, and with all our diverse stakeholders around the world.

Customer obsessed for the long-term Think big and make an impact Act now and own it all the way Challenge, commit and win together

Read more about The FNZ Way and our values: www.fnz.com/culture

Opportunities

• Right from day one, you will work alongside exceptional, multicultural teams - experts in their respective fields - who will inspire and challenge you to make your greatest impact.

• Be part of a highly successful, rapidly growing, global business that is leading the delivery of financial services via cloud computing and partners with some of the world’s largest companies;

• Working in a flexible and agile way that meets the needs of the business and personal circumstances;

• Remuneration, significant financial rewards and career advancement is based on individual contribution and business impact rather than tenure or seniority;

• We provide global career opportunities for our best employees at any of our offices in the UK, EU, US, Canada, South Africa and APAC.

Commitment to Equal Opportunities

At FNZ, we recognise that diversity, equity and inclusion are important factors contributing to our success. We embrace the unique perspective and capabilities of our current and future employees, which will help us continue to drive innovation and achieve our business goals. Recruitment decisions at FNZ are made in a non-discriminatory manner without regard to gender, ethnicity/race, faith, age, nationality, gender identity, sexual orientation, marital status, socio-economic background, disability or military veteran status where all applicants and employees are valued and respected.

In addition, we want to ensure accessibility needs are well supported, if you require specific support please advise us.

About FNZ

FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back. 

We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution. 

We partner with over 650 financial institutions and 12,000 wealth managers, with US$1.5 trillion in assets under administration (AUA).

Together with our customers, we help over 20 million people from all wealth segments to invest in their future.