
Moneybox · London
About Moneybox At Moneybox, our mission is to give everyone the means to get more out of life. We're guided by our belief that wealth isn't about the money, it'...
About Moneybox
At Moneybox, our mission is to give everyone the means to get more out of life. We're guided by our belief that wealth isn't about the money, it's about the means to more - more freedom, opportunities, possibilities, and peace of mind. Moneybox is an award-winning wealth management platform, helping over one and a half million people build wealth throughout their lives, whether they’re saving and investing, buying their first home, or planning for retirement.
Job Brief
Moneybox is looking for a Head of Information Security to lead and mature our information security function.
Reporting to the Engineering Director, this role will own Moneybox’s Information Security Programme and be accountable for reducing security risk across our people, systems, products and third-party ecosystem as the business continues to scale.
This is a hands-on leadership role. The successful candidate will need to think strategically, set direction and influence senior stakeholders whilst also being close enough to the detail to get things done.
We are looking for someone who can build a small, high-performing and nimble security function, using technology, automation and AI to increase the breadth, quality and pace of what the team can achieve.
The role will suit an experienced information security leader who is pragmatic, commercially aware and focused on reducing meaningful risk, not creating unnecessary bureaucracy or replicating a big-bank security model.
Ready to combine a security-first mindset with strong technical understanding to shape the future of digital banking? As Head of Information Security at Nordiska, you will lead the security strategy, guide architecture decisions and ensure secure delivery across our organization - where banking meets tech. About Nordiska Nordiska is a bank that provides innovative financial products for both companies and consumers. Nordiska Embedded is a platform for embedded financial services, where we offer savings, lending, and payment services, either under our own brand or through partners. Nordiska also provides corporate and real estate financing, as well as sustainable savings with a government-backed deposit guarantee. What we offer Our code of conduct is the foundation for everything we do. We act with honesty and responsibility to build long-term trust among customers, partners, and employees. We believe that diversity drives innovation and encourages each employee to contribute their unique expertise and perspective. We are driven and dedicated to making a difference. Our employees receive a competitive benefits package. About the Role As we continue scaling with embedded finance partners on a European level, we’re looking for a Head of Information Security to take end-to-end ownership of information security and cybersecurity. At Nordiska, security is more than compliance; it’s a core enabler of growth and trust. As our embedded platform capabilities expand, so do partner expectations and the need for clear security ownership, strong execution and pragmatic risk management. In this role, you will own Nordiska’s security posture and drive initiatives that strengthen resilience, governance, and operational security. You will ensure compliance with evolving requirements and frameworks, while embedding security into product development and day-to-day operations in close collaboration with Risk, Tech and Legal. This is a hands-on, operational leader role with accountability for both strategy and implementation. You will also serve as Nordiska’s primary security representative in external engagements - working with regulators, auditors, and partners - leading compliance efforts and ensuring Nordiska not only meets, but consistently raises the bar on security, governance and risk management. What You’ll Do As Head of Information Security some of your key responsibilities are: Lead Nordiska’s information security and cybersecurity work end-to-end, aligned with business priorities, partner expectations and regulatory requirements. Lead and maintain the ICT security framework, including governance, implementation, and cross-functional coordination, while leading third-party security risk management through due diligence, contractual requirements, and ongoing monitoring of vendors and service providers. Measure, report, and continuously strengthen Nordiska’s security posture through risk-based prioritization, clear metrics, and structured remediation, while owning incident management and regulatory reporting with well-defined procedures, timely escalation, and compliant communication with relevant authorities. Establish and maintain security governance and controls, embedding regulatory and industry requirements into policies, processes and steering documentation. Lead security assurance and stakeholder management, including ISO work, internal/external/regulatory audits and assessments and advising management and the Board on risks and mitigations. We’re Looking for Someone who has 7+ years of experience in information security/cybersecurity, with at least 5 years in leading roles in technology or infrastructure-intensive environments. Extensive experience in information security, cyber risk management and regulatory oversight, ideally within fintech, banking, or other highly regulated environments. A strong understanding of modern cybersecurity principles and technical security concepts. Hands-on experience driving audits, assessments and security programs, including regulatory reviews, risk assessments and remediation follow-up. Solid knowledge of key regulatory frameworks and standards such as DORA, ISO 27001, and GDPR, and how to translate requirements into practical controls. Excellent communication skills in both English and Swedish, with experience presenting to senior stakeholders and non-technical audiences. Experience from a tech-driven organization (preferred), where security enables delivery, scale and partner trust. Your Professional Profile Proactive and accountable - you take ownership beyond “tech security” and ensure security and compliance are embedded across the business. Structured and execution-oriented - you thrive in building, running and continuously improving compliance processes, not just overseeing them at a distance. Independent and self-sufficient - you can drive progress without formal line management, leading through influence in cross-functional initiatives. Collaborative and influential – you create alignment across departments and communicate risks, trade-offs, and priorities effectively across all levels of the organization. Application & Process If you’re looking to join a growth-driven environment that pairs innovation with profitability and reliability, welcome to Nordiska. We look forward to receiving your application. We review and interview continuously, with background checks as part of the final stage of our process. For questions about the role and or more information, you are warmly welcome to contact Ida Garamvölgyi, ida.garamvolgyi@nordiska.com or +46704 385 325.
CFTC-Regulated Business Unit (DCM) Location: Chicago, IL. Fully remote to start, transitioning to 3 days/week in office. ABOUT SMARKETS Smarkets is a prediction market exchange for sports and political trading that has handled over $50 billion in volume since 2010. We are upending the sports betting industry by growing a platform that offers the best value for traders, with not only the fairest prices but also the best technology, alongside a superior customer experience. We believe the foundation to our success is attracting the best people to our organisation and creating a high-performance environment where they can thrive. We are searching for an atypical candidate with a wealth of regulated business experience to support the development of our CFTC business. THE ROLE This is a senior security leadership role sitting within our CFTC-regulated business unit, responsible for the information security, cybersecurity, and operational resilience of our Designated Contract Market (DCM). You will design and enforce the policies and controls that protect the confidentiality, integrity, and availability of our critical systems and data, in alignment with Core Principle 20 (System Safeguards) under 17 CFR § 38.1050 et seq. This is a founding build: our licensing applications are in-flight and you will stand up the security programme through to go-live, then operate and mature it as the business scales. You will lead efforts to identify and mitigate cyber and physical threats, coordinate incident response, and ensure the DCM can continue operating under stress, working closely with engineering, risk, and compliance, including our UK-based teams, to embed security across the software development life cycle and infrastructure. You will work directly with the CEO and senior management, with the support of the Smarkets UK team behind you. ABOUT YOU * Senior security leader with 7+ years of senior-level information security experience, ideally within financial services, exchange infrastructure, or critical regulated systems. * Demonstrated leadership in implementing cybersecurity, compliance, and resilience programmes in high-risk environments. * Deep familiarity with CFTC expectations around system safeguards, including Core Principle 20 and 17 CFR § 38.1050 et seq. * Direct experience with security and risk assessments, incident response planning and execution, cybersecurity compliance audits (internal or regulatory), and disaster recovery and business continuity programmes. * Experience managing or working with geographically distributed engineering and infrastructure teams. * Strong understanding of security frameworks and secure software development practices. * Excellent communication and reporting skills, including for executive and regulatory audiences. RESPONSIBILITIES * Define and implement the DCM's information security vision, strategy, and programme, consistent with CFTC Core Principle 20 and industry-aligned best practice. * Lead risk identification, vulnerability management, and cyber threat mitigation across all DCM technology assets. * Ensure the design and enforcement of security controls across infrastructure, software development, vendor relationships, and end-user operations. * Own the incident response framework, including procedures for detection, containment, reporting, recovery, and root cause analysis. * Direct the business continuity and disaster recovery programmes, ensuring systems and teams can operate during disruption. * Prepare and maintain system safeguards documentation, audit logs, penetration tests, and other evidence for CFTC oversight and examinations. * Serve as the executive lead for cybersecurity audits, control testing, and CFTC technology compliance. * Collaborate with engineering, DevOps, product, and risk to ensure secure-by-design development and deployment, including across UK-based teams. * Regularly brief the CEO and senior management on security posture, threats, incidents, and risk levels. DESIRABLE ATTRIBUTES * Personal interest in sports, exchanges, or trading * Experience securing exchange, clearing, or trading infrastructure. * Relevant certifications such as CISSP, CISM, or equivalent. * Familiarity with event contracts, prediction markets, or similar novel futures products and their treatment under the CFTC framework. * Experience engaging directly with regulators or examiners on technology and system safeguards. OUR VALUES * Push to win * Make others better * Give a shit * Be a pro * Bring the energy Our values are at the heart of everything that we do. We believe these are the fundamentals to ensure we are delivering what's expected of us in the best way possible for ourselves and for those around us. COMPENSATION AND BENEFITS Base salary range: $130,000 to $200,000 USD per year. The actual offer within this range will depend on experience, qualifications, and other job-related factors. We have designed our benefits offering around Health, Wealth, Lifestyle and Development. From day one you will receive: * 25 days' annual leave, plus public holidays. * 401(k) plan: Smarkets matches 100% of employee contributions up to the first 6% of salary. Participation is voluntary, with automatic enrolment at a default contribution rate of 6% unless you select an alternative rate or choose to opt out. * Private medical insurance: a monthly reimbursement towards the private health insurance plan of your choice. * Performance bonus of up to 25% of base salary. * Equity via share options scheme. * Annual professional development budget of $1,000 for conferences, training, courses, books, and other learning opportunities. * Work From Anywhere: up to 20 days per year (pro-rated) to work remotely from locations around the world. ADDITIONAL INFORMATION * This role is offered subject to satisfactory background screening and, where applicable, CFTC fitness and eligibility requirements. * We use Ashby, our applicant tracking system, to manage applications, and AI-assisted tools may be used to support parts of our recruitment process. Applications are reviewed by our team, and hiring decisions are made by people rather than by automated tools.
About Man Group Man Group is a global alternative investment management firm focused on pursuing outperformance for sophisticated clients via our Systematic, Discretionary and Solutions offerings. Powered by talent and advanced technology, our single and multi-manager investment strategies are underpinned by deep research and span public and private markets, across all major asset classes, with a significant focus on alternatives. Man Group takes a partnership approach to working with clients, establishing deep connections and creating tailored solutions to meet their investment goals and those of the millions of retirees and savers they represent. Headquartered in London, we manage $228.7 billion* and operate across multiple offices globally. Man Group plc is listed on the London Stock Exchange under the ticker EMG.LN and is a constituent of the FTSE 250 Index. Further information can be found at www.man.com At Man Group, we respect your privacy and we are committed to protecting and safeguarding your Personal Data. We have developed policies and processes which are designed to provide for the security and integrity of your Personal Data. We are committed to Processing your Personal Data fairly and lawfully, and being open and transparent about such Processing. For further information on how we process your data, please see the privacy notice for applicants here * As at 31 March 2026 The Team We are looking for a CISO to take full ownership of Information Security and Identity & Access Management at Man Group. This is a leadership role that is as much about driving change across the firm as it is about running the security function. They will set standards, influence behaviour, embed security into business processes, and work with departments across the organisation to raise the bar on how Man Group manages risk. A Deputy CISO will own day-to-day security operations and policy, allowing the CISO to focus on identity transformation, standards, governance, and driving security culture firm-wide. Reporting to the Head of Enterprise Risk, the CISO will be responsible for overseeing Identity and Access Management (IAM) Programme, IAM BAU, and Information Security. Role Responsibilities Strategy & Standards * Own the information security strategy, aligning security investment to the firm's risk appetite * Drive security culture and awareness across the firm through training, engagement, and communications * Set and enforce security standards across technology, operations, and business departments, not just within InfoSec * Work with teams across the organisation to understand existing process and embed secure access into existing systems * Enable the safe adoption of AI and emerging technologies by defining practical security guardrails * Own the Information Security and IAM Risks and Controls Self-Assessment (RCSA), ensuring that risks are identified, controls are documented and remediation is tracked Identity & Access Management * Own the IAM strategy and transformation roadmap, driving the migration from legacy provisioning to a modern, governed identity platform * Directly oversee the identity governance implementation, including application onboarding, lifecycle automation, access controls and defining central APIs * Remediate audit findings related to identity and access management Governance & Reporting * Chair the Information Security Steering Committee * Present security posture, risk, and programme updates to boards and the Risk and Finance Committee * Provide oversight of third-party risk management in coordination with the dedicated TPRM team * Support SOC-1 audit processes Key Competencies Essential * A builder mindset, comfortable with balancing competing priorities * Strong understanding of technical security implementations, trade-offs, APIs and architectural design patterns and a working understanding of modern open-source based application design * Demonstrable experience in a senior information security role, ready to step into a full CISO mandate * Proven ability to drive change outside of a direct reporting line, influencing technology, operations, and business teams to adopt security standards * Strong communicator, comfortable presenting to boards and equally comfortable in a technical design review Advantageous * CISSP certification * Experience with identity governance platforms and large-scale IAM transformation programmes * Familiarity with infrastructure-as-code environments (Terraform, GitOps workflows) * Experience with hybrid identity environments (Active Directory, Entra ID, SSO platforms) * Experience defining security frameworks for emerging technology enablement * Background in a regulated industry, with an appreciation for the governance, operational, and compliance requirements that come with itith cloud platforms (e.g., Azure or AWS) and containerization (e.g., Docker, Kubernetes) Inclusion, Work-Life Balance and Benefits at Man Group You'll thrive in our working environment that champions equality of opportunity. Your unique perspective will contribute to our success, joining a workplace where inclusion is fundamental and deeply embedded in our culture and values. Through our external and internal initiatives, partnerships and programmes, you'll find opportunities to grow, develop your talents, and help foster an inclusive environment for all across our firm and industry. Learn more at www.man.com/diversity. You'll have opportunities to make a difference through our charitable and global initiatives, while advancing your career through professional development, and with flexible working arrangements available too. Like all our people, you'll receive two annual 'Mankind' days of paid leave for community volunteering. Our comprehensive benefits package includes competitive holiday entitlements, pension/401k, life and long-term disability coverage, group sick pay, enhanced parental leave and long-service leave. Depending on your location, you may also enjoy additional benefits such as private medical coverage, discounted gym membership options and pet insurance. Equal Employment Opportunity Policy Man Group provides equal employment opportunities to all applicants and all employees without regard to race, color, creed, national origin, ancestry, religion, disability, sex, gender identity and expression, marital status, sexual orientation, military or veteran status, age or any other legally protected category or status in accordance with applicable federal, state and local laws. Man Group is a Disability Confident Committed employer; if you require help or information on reasonable adjustments as you apply for roles with us, please contact TalentAcquisition@man.com.