Information Security Manager

We are seeking a strategic and hands-on Information Security Manager to own and mature our entire information security and compliance program.

Location:

Remote (UK based)

On application

Apply:

mailto:

As the senior security leader in the business, you will be responsible for providing the vision, strategy, and execution for all aspects of security and data protection.

This is a high-impact role where you will be the go-to expert for our teams, clients, and partners, ensuring our cutting-edge platform remains secure, compliant, and resilient against emerging threats. You will report directly to senior management and play a key part in our continued growth and success.

• Lead and maintain our ISO 27001 certified Information Security Management System (ISMS), driving a culture of continuous improvement.
• Own and manage our annual PCI-DSS v4.0 assessment, acting as the primary point of contact for our QSA.
• Develop and execute the security roadmap, evaluating and implementing new tools and technologies to enhance our security posture (e.g., WAF, Cloud Security Posture Management).
• Oversee our comprehensive vulnerability management program, including managing third-party penetration tests and interpreting results from vulnerability scanning.
• Own and enhance our third-party supplier security due diligence program.
• Develop, review, and maintain our suite of security policies, procedures, and our Disaster Recovery and Business Continuity plans.
• Act as the primary security subject matter expert for prospective clients, auditors, and internal teams.
• Provide leadership and technical guidance on the security of our modern, cloud-native environment, built on Google Cloud Platform (GCP) and Kubernetes (GKE).
• Proven experience in a senior information security role (e.g., InfoSec Manager, Senior InfoSec Analyst).
• Deep, practical expertise in developing, implementing, and managing an ISO 27001 certified ISMS.
• Expert-level knowledge and hands on experience leading assessments against the PCI DSS v4.0 standard, preferably for a cloud-native service provider.
• A strong, fundamental understanding of modern cloud security principles and architectures.
• Excellent communication skills, with the ability to articulate complex security concepts to technical teams, senior management, and clients with clarity and confidence.
• Hands on experience securing GCP environments is highly desirable.
• Practical knowledge of container security and orchestrators like GKE.
• Experience working in a fast paced FinTech or SaaS environment.
• Relevant industry certifications (e.g., CISSP, CISM, CISA, or a GCP Security certification).

Flexys is an award winning fintech that is revolutionising the credit and collections industry. Our modern, cloud native platform helps our clients to "collect more, faster" by providing intelligent, data driven, and customer centric solutions. We are a technology first company with a collaborative culture, building a market leading platform on a modern, scalable tech stack.

Flexys are an equal opportunities employer and believe that diversity enhances our culture and our products.

Our culture is underpinned by our five core values:

• We are fearless: We are not afraid to challenge the status quo and we are courageous in our ambition.
• We always seek to innovate: We apply new ideas, fresh thinking and decades of subject matter expertise to deliver better client outcomes.
• We demonstrate integrity: We do the right thing and evidence this by being self critical, open and transparent.
• We are passionate: We care about what we do and are dedicated to delivering great outcomes.
• We are committed to client success: We have a relentless focus on excellence and always strive to exceed expectations.

If this sounds like you, we want to hear from you.

We do not require help from recruitment agencies or individuals at this time, thank you.