AVP/VP, Security Engineering

We are looking for a security engineering professional who operates at both ends of the spectrum - deeply hands-on with enterprise security tooling, and equally capable of authoring the policies and governance frameworks that define how those tools are deployed and managed.

About the Role

You will take ownership of the security controls environment within a regulated financial institution, working across the full lifecycle of enterprise security tools - from evaluation and implementation through to ongoing operationalisation and improvement. Critically, you will also be responsible for developing and maintaining the policies, standards, and configuration governance that sit around those tools, ensuring that how they are used is as rigorous as the tools themselves.

This is not a pure operations role. You are expected to think architecturally, write authoritatively, and engage credibly with both technical peers and senior stakeholders.

What You'll Be Doing

• Configuring, managing, and continuously improving enterprise security tools across domains such as identity and access management, privileged access, network security, endpoint controls, data loss prevention, and cloud security
• Authoring and maintaining security policies, standards, and governance documentation specifically governing the deployment, configuration, and use of security tooling
• Evaluating new and emerging security technologies against business requirements, regulatory expectations, and established frameworks such as NIST
• Developing and enforcing configuration baselines and hardening standards across the security tooling estate
• Driving vulnerability remediation efforts, from identification through to validated closure
• Investigating security incidents and translating findings into improved controls or updated policy
• Collaborating with auditors, assessors, and internal stakeholders on compliance reviews and security assessments
• Keeping documentation current - technical runbooks, operational procedures, and policy artefacts alike

What You'll Bring

• Substantial hands-on experience with enterprise security platforms across one or more domains - Zero Trust Architecture, cryptographic key management, security hardening, IAM, DLP, or cloud security management
• Demonstrated ability to write security policy and governance documentation, not just implement controls
• Familiarity with regulatory and compliance requirements in a financial services context
• Strong technical writing skills - you produce documentation that others can actually work from
• Backgrounds in system integration or security presales are welcome - what matters is depth of hands-on tooling exposure and the ability to translate that into sound governance
• CISSP, CISM, or CRISC is advantageous

EA Licence: 16S8091

EA Reg No.: R1656500