Information security officer - SBS UK

SBS is a global financial technology leader, empowering banks and financial institutions to thrive in an increasingly digital world. Trusted by over 1,500 institutions across 80 countries, including Santander, Société Générale, KCB Bank, Argenta, Crelan, Knab, Mercedes-Benz, and Toyota Financial Services, SBS delivers innovative, future-ready solutions.

Its cloud-native platform features a composable architecture that supports a wide range of financial services—from banking, lending, and compliance to payments and consumer or asset finance. With 3,400 employees across 50 offices, SBS has been recognized as a Top 10 European Fintech by IDC and a leader in Omdia’s Universe: Digital Banking Platforms. Headquartered in Paris, France, SBS continues to shape the future of finance through technology.

For more information, we invite you to our corporate website: www.sbs-software.com 

SBS is embarking on delivering a significant programme of work over the next 2 years, which will improve the experience of millions of customers in the UK. We are looking for an Information Security Officer (ISO) to lead the development of the programme’s security posture, ensuring appropriate certifications, processess and operating model are in place.

The ISO plays a critical role in ensuring a highly effective and secure service for one of our major UK clients. Reporting directly to the Head of Service line and program manager, and facing off to senior stakeholders across Europe, including the CISO, the ISO will be expected to demonstrate Leadership, strategic planning and experience in establishing Information Security Management Systems which comply with government standards.

The role will require the candidate to travel occasionally within both the UK, Belgium and France.

High-Level Objectives:

• Responsible for all aspects of Security delivery for the Major UK Client.
• Be the go-to authority for all Security-related issues and strategies regarding service delivery to the Client.
• Identify, manage, and mitigate information security risks.
• Align information security strategy with business goals and objectives.
• Ensure compliance with relevant local and international laws, as well as internal policies.
• Foster a culture of information security awareness and continuous improvement.
• Drive the adoption of best practices in data protection and cybersecurity.

Core Responsibilities:

• Strategic Leadership: Develop and implement an annual information security roadmap in alignment with business objectives.
• Compliance Management: Keep up-to-date with legal and regulatory changes, ensuring timely compliance and client commitments.
• Risk Assessment: Ensure regular Data Protection Impact Assessments, vulnerability scans, and risk assessments are executed.
• Stakeholder Engagement: Liaise with internal and external stakeholders including regulatory bodies, auditors, and third-party vendors to ensure alignment of Security standards & plans
• Incident Management: Develop and maintain an incident response plan. Handle security incidents and breaches effectively.
• Budget Oversight: Manage the information security budget to ensure adequate funding for critical initiatives.
• Policy Development & Enforcement: Create and enforce policies related to emerging trends which may impact the service to our client.
• Performance Metrics: Establish, monitor, and report on KPIs to assess the effectiveness of the information security program.
• Resilience Testing: Conduct periodic resilience and penetration testing to evaluate organizational preparedness.
• Employee Training: Evangelise and enable regular training and awareness programs on various aspects of information security relative to the service.
• Vendor Risk Management: Perform security assessments on third-party vendors and manage associated risks.
• Board Reporting: Provide regular reports to the internal and external senior management on the status of information security and risk.

 

Minimum Competencies & Experience:

• Educational Qualification: Relevant security professional accreditations, such as CISSP, IBITGQ, (ISC)² - with evidence of how these have been applied into a working role.
• Experience: Minimum of 5 years of experience in information security, preferably in the financial services or technology sectors.
• Technical Skills: Proficiency in common security tools and AWS platforms, including SIEM, firewalls, and endpoint protection.
• Legal and Regulatory Knowledge: Familiarity with GDPR, ISO 27001, and other relevant information security laws and standards.
• Communication Skills: Excellent written and verbal communication skills, with the ability to convey complex information in a clear manner.

Preferred Competencies & Experience

• Strong experience across UK government security requirements, such as GBEST, ITHC, His Majesty’s Government (HMG) Security Policy Framework, and equivalent UK public‑sector security standards, particularly in Technology / IT practices is considered as a strong asset.
• Experience in working within a Service Integration and Management (SIAM) model
• Experience leading or participating in cross-functional teams across departments like legal, human resources, and operations, particularly in the context of incident response and compliance.
• BPSS Security Cleared

At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.