Home
Jobs
FNZ Group
Identity Security Role Based Access SME

Identity Security Role Based Access SME

On site

Edinburgh, United Kingdom

Full Time

03-03-2025

Share this job:

Score my CV Apply

Job Specifications

At FNZ, our purpose is to make wealth management more accessible, bringing easier, fairer and more inclusive solutions to people worldwide. Here in the Global Information Security team, we work to protect the platforms that support investment solutions for over 20 million people.

We are looking for a motivated and experienced Role Based Access SME reporting to the Role Based Lead. You will have good experience in the development and management role based processes for medium/large organisations. Provide oversight and input to Identity Lifecycle management services and processes including key platform, applications and services, Single Sign on and Multi Factor Authentication. You will also have knowledge of monitoring the coverage and effectiveness of identity security tools, as well as automating day to day procedures.

Job Description:

Align to the Group Head of Identity in maturing Identity management within FNZ, processes and practices contributing to the long-term maturity target.
Manage discussions and delivery with platform and application owners
Participate in developing skills, capabilities, and services of the Identity team including process improvements and documentation.
Create/Maintain and mature Team Processes and Documentation for RBAC
Administer user accounts, permissions, and access controls.
Keep up to date with the latest industry developments and trends.
Support user identity lifecycle
Monitor compliance with internal policies and external regulations
Handle escalated issues, inquiries, and support tickets

Requirements:

Working knowledge of Saviynt, AzureAD and CyberArk
Strong working experience in Identity or a related field
In-depth knowledge of role-based access control within identity and access management concepts. Also a working knowledge of JML, access recertification and identity federation.
Willingness to learn new technologies and keep up with industry trends.
Familiarity with best practices and compliance standards.

Desired Skills:

Experience of engineering in large scale environments, specifically managing multiple stakeholders and change in complex technology stacks.
Professional certification such as Certified Identity and Access Manager (CIAM) or Certified Identity Management Professional (CIMP)
Experience of working in regulated industries
Experience of mapping identity requirements to frameworks (NIST, SCF, ISO)

About FNZ:

Our culture is what drives us. It's at the heart of who we are and everything we do. It's what inspires, excites and moves us forward. Our ambition is to create a culture for growth, one that opens up limitless opportunities for our employees, customers and the wider world. At FNZ we know that great impact is only possible with great teamwork.

That’s why we value the strength and diversity of thought in our global team.

The FNZ Way is the cornerstone of what we do. It is comprised of four values that set the standard for how everyone at FNZ interacts with each other, with our customers, and with all our diverse stakeholders around the world.

Customer obsessed for the long-term
Think big and make an impact
Act now and own it all the way
Challenge, commit and win together

Read more about The FNZ Way and our values: www.fnz.com/culture

About FNZ

FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back.

We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution.

We partner with over 650 financial institutions and 12,000 wealth managers, with US$1.5 trillion in assets under administration (AUA).

Together with our customers, we help over 20 million people from all wealth segments to invest in their future.

About the Company

FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back. We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution. We partner with over 650 financial institutions and 12,000 wealth managers, wi... Know more

Related Jobs

Company Name: TieTalent
Job Title: Cyber Security Assurance Tester and IR Specialist
Job Description: About Six Degrees is a leading secure, integrated cloud services provider, where everyone is welcome. We believe success lies in harnessing a truly diverse and inclusive culture. Our business protects UK organisations with the goal of enabling them to operate effectively and securely in the cloud, by giving them secure platforms to innovate and grow. We support our customers on their digital transformation journey regardless of their maturity. Our vision is to be the UK’s number one provider of secure, integrated cloud services to the small to mid-size market. Our Cyber Security Assurance team are one of the most experienced and highly qualified teams of penetration testers in the UK. Also experts in forensics, the team is responsible for testing 1000’s of applications, systems, environments and devices every year. The team routinely research vulnerabilities, compile threat intelligence and assist clients in shoring-up their data security. The Internal Penetration Testing & Incident Response Specialist will be a key member of the Cyber Security Assurance team, responsible for proactively identifying, assessing, and mitigating security risks internally within the organisation. They will work under general supervision, handling both internal penetration testing activities and aiding incident response operations for both external clients as well as internal operations. The role requires a methodical and analytical approach to security testing, as well as the ability to act decisively in response to security incidents. They will act as a subject matter expert for internal penetration testing and threat response, applying appropriate tools, techniques, and methodologies in accordance with relevant standards and legislation. They will work on complex and non-routine testing scenarios, providing actionable insights to improve the organisation’s security posture. The role requires close collaboration with internal teams, supporting security investigations, incident handling, and threat mitigation efforts. The Cyber Security Assurance Tester and IR Specialist will need to have experience in running common penetration testing types and being able to manage complex incidents that may malware reversing, forensics and log analysis. You will need be certified with the following certificates such as Cyber Scheme Team Member, CREST Registered Tester, CREST (CPIA), Intrusion Analyst (CRIA), CREST Certified Incident Manager (CCIM) In the context of a broader security initiative, this role will serve as the internal component of the client-facing penetration testing team, reporting to senior management. Exceptional communication skills are crucial, as the individual will be responsible for producing clear and professional written reports, technical evaluations, and briefings for key stakeholders. Regular collaboration with internal teams will be necessary, necessitating the ability to convey technical findings in a manner that highlights their business implications. The individual will also focus on enhancing their knowledge in penetration testing, threat intelligence, and incident response, ensuring that testing methodologies and response strategies are in line with industry best practices. This position is ideal for a security professional who is proactive and adaptable, capable of integrating offensive security testing with swift responses to cyber threats within the organization. Our Benefits In return for the passion our people bring to everything they do, we want them to enjoy a range of benefits that enrich their lives. We are a Real Living Wage employer, and through our additional employee benefits we feel we’ve got something that will help everybody live their best life. We recognise the immense joy and significance of family leave for our employees, which is why Six Degrees provide an enhanced maternity and paternity leave package. We’re also keen to support people with flexible working, so everyone can have the personal time they need whilst still doing great work here at Six Degrees. We have some fantastic benefits on offer, with everyone being given Private Medical Insurance, Life Assurance, a matched pension scheme and 25 days holiday and as a happy birthday from Six Degrees, all employees get a day off for their Birthday. Throughout the business, our people have a causes and initiatives that they support and that is close to their heart. That’s why we give everyone the chance to volunteer one day year in addition to annual leave to make a difference. What is more, we also make a contribution to any additional benefits you may wish to choose. Every Six Degrees employee has instant access to private medical care is available, as well as mental health and employee wellbeing support 24/7. Whether it’s a wellness benefit, such as gym benefits, fitness programmes and genetics wellness testing to our life benefits with discounted rates on travel, critical illness and dental insurance. We also provide discounts on well-known brands, in restaurants, supermarkets, the list goes on! Our Recruitment Process At Six Degrees, we prioritise efficiency in our recruitment process, as we believe it is essential for you to connect with potential colleagues and have a positive candidate experience. Our team will thoroughly evaluate all applications, and if your qualifications align with our needs, our Talent Acquisition team will reach out to schedule a call. If all goes well, you will be invited to participate in an interview with your prospective line manager and team members, where you will discuss your suitability for the position and learn more about Six Degrees. For certain critical roles, we may conduct a second and final interview, which could include a task specific to the role. Following the completion of the assessment process, we look forward to welcoming you to the Six Degrees family Nice-to-have skills Penetration Testing City of London, England Work experience Pentester Security Analyst Languages English

London, United Kingdom

On site

Full Time

03-03-2025

Company Name: Tesco
Job Title: Principal Enterprise Security Architect
Job Description: What’s in it for you We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more! Annual bonus scheme of up to 45% of base salary Car Cash Allowance Holiday starting at 25 days plus a personal day (plus Bank holidays) Private medical insurance Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave About The Role Here at Tesco Cyber, we are seeking a highly skilled and experienced Enterprise Security Architect, who will be responsible for ensuring that all enterprise-built platforms and solutions align with our existing security framework and industry standards. This role requires a deep understanding of security principles, technologies, and best practices to protect our information assets and ensure compliance with regulatory requirements. The focus will be on collaborating with key stakeholders across various domains to enable our technology colleagues to work efficiently and manage their environments effectively. You will perform comprehensive risk assessments, develop strategies to mitigate threats, and ensure alignment with organizational security principles and best practices. You will be responsible for Design and implement robust security architectures for enterprise-wide capabilities, which our technology teams rely on regularly to operate their services and perform their day-to-day tasks efficiently, addressing identified threats and vulnerabilities. Conduct thorough risk assessments for new systems and existing environments, reviewing their designs and architectures to ensure they meet modern security requirements, identifying security risks, and recommending mitigation strategies. Influence and guide other teams to implement security solutions by collaborating across functions to integrate security principles and ensure systems align with business needs. Ensure all enterprise-built platforms align with our existing security framework and industry standards, while collaborating with other enabling and architecture teams to integrate security into all aspects of the organization's operations. Evaluate and enhance security processes to improve their efficiency and comprehensiveness. Continuously monitor and respond to emerging security trends and threats to workplace environments, virtualization technologies, and databases. Develop and maintain security architecture documentation, including policies, diagrams, and procedural guides. Act as an SME and advise on the security of the M365 platform, workplace solutions, and infrastructure control plane capabilities such as virtualization layers (VMWare). Lead and participate in internal technology initiatives to implement secure enterprise systems, ensuring alignment with security frameworks and organizational goals to enhance security posture. You will need Soft Skills Proven leadership experience as a technical individual contributor in complex organizations. Analytical mindset with a proactive approach to identifying and solving security challenges. Strong communication and interpersonal skills to articulate complex security concepts to diverse audiences. Ability to work collaboratively with cross-functional teams while managing multiple initiatives. Demonstrated curiosity and flexibility in applying knowledge and advice. Technical Skills Demonstrable experience and expertise in designing, implementing, and applying balanced controls from security frameworks such as NIST, CIS, ISO 27001, and MITRE. Expertise in security controls and best practices for cloud-based workplace environments. Proficiency in Microsoft 365 security, compliance capabilities, identity and access management, and threat protection, including Microsoft Defender, Microsoft Entra, and Microsoft Purview. Expertise with virtualization platforms, ideally on VMware security solutions, including VMware NSX, VMware Carbon Black Cloud, and Horizon. Familiarity with virtualization security best practices and endpoint security. Proficiency in securing databases (e.g., SQL, NoSQL), with a focus on encryption, authentication, and monitoring solutions. Proficiency in risk analysis, security controls management planning, and disaster recovery planning. Experience with security technologies such as firewalls, intrusion detection/prevention systems, and encryption. Qualifications & Experience Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001). Bachelor's degree in Computer Science, Information Technology, or a related field. Minimum of 10 years of experience in information security, with at least 5 years in a security architecture role. Professional certifications such as SABSA, CISSP, CISM, or TOGAF are highly desirable. Professional certifications in risk management such as CRISC are desirable.

Farringdon, United Kingdom

On site

Full Time

26-02-2025

Company Name: Morgan Stanley
Job Title: Lead Application Security Engineer - VP
Job Description: JR000996 Glasgow Morgan Stanley is looking for a motivated Engineering lead to join the Cybersecurity department, who will be charged with enabling security controls in the CI/CD pipelines by rolling out SAST, SCA or DAST tools with a significant impact to the development community and to the security posture of firm’s applications. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs. Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals. Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on. What You’ll Do Work with a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications. Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes. Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc. With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines. Support security standards, create templates and patterns to increase the efficiency and adoption of security program. Work with our partners to implement, manage, and optimizing security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities. These Skills Will Help You Succeed In This Role Bachelor’s degree with 10+ years of work experience in the IT field 3+ years software development experience using Python, Java or JavaScript 3+ years of cumulative experience across the following: OWASP Secure Coding Practices Common software and web application security vulnerabilities Application security scanning tools Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins) Even Better If You Have A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise Ability to perform code reviews with minimal assistance A self-starter, with a strong desire for learning new technologies and applying them to solve problems Expertise in monitoring, alerting, reporting, data analysis is desired. Experience with two or more of the application build environments like Jenkins, Gradle, Maven. Familiarity with public cloud services a plus Experience with two or more of the Secure SDLC tools like Github Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz. Experience with Threat Analysis. Experience with DevSecOps, Secure SDLC. DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus Experience with evaluation, integration and onboard of application security tools is a plus What You Can Expect From Morgan Stanley We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values — putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back — that guide our more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration. We Firm is differentiated by the caliber of our diverse team. While our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world. Learn more about how we put this commitment to action: morganstanley.com/diversity. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. We're committed to bringing passion and customer focus to the business. Certified Persons Regulatory Requirements If t his role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks. Flexible work statement Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more. Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

Glasgow, United Kingdom

On site

Full Time

26-02-2025

Company Name: Telefónica Tech
Job Title: Information Security Analyst – Level 3
Job Description: Company Description Telefónica Tech is a leading provider of innovative tech services for the B2B market with a worldwide presence and strategic hubs in Spain, Brazil, UK and Germany. The company helps leading brands and organisations across the UK and Ireland unlock the power of integrated technology for all businesses, bringing together in one place a unique combination of, the best people, with the best tech and the best platforms in a simplified manner, to make a real difference to every business, every day. We have an end-to-end portfolio of market leading services and develops integrated technology solutions to accelerate tech adoption through its two core divisions of Tech Cyber security & Cloud and Tech Intelligence of Things. The company has a diverse, highly trained and globally located talent pool of over 2000 employees and serves more than 5.5m customers every day with a service reach in 175 countries. Its dynamic partner ecosystem includes over 300 cutting edge businesses, as well as strategic agreements with all market leaders. Job Description This is a full-time role for a Level 3 Information Security Analyst to join a mature managed services Cyber team who manage the security posture of critical infrastructure and services under an ISO27001 and Cyber Essentials + certified managed service environment. You will be responsible for conducting Adversary Emulation which include penetration tests as well as red-teaming exercises for health care enterprises. This is a technical, hands-on role, and the successful candidate will be responsible for showcasing how an adversary can take advantage of vulnerable systems in an organization to get initial access to enterprise assets and then move laterally to widen the impact. They will also be responsible for providing very specific guidance to mitigate these security gaps/mis-configs/vulnerabilities. The successful candidate will be responsible for conducting Adversary emulation on various enterprise environments including but not limited to On-prem Infrastructure, Cloud, Web Apps, Non-Web Apps, IOT, Mobile Apps and Devices, Scada environments, etc. Skills & Experience: Extensive experience in conducting penetration tests for Applications, IT Infrastructure Services, Cloud, IOT, Scada, Network devices, Mobile Platforms, Hardware appliances, etc. Experience in planning and executing Whitebox, Blackbox, and Greybox penetration testing. Experience in planning and executing red teaming exercises including general reconnaissance, social engineering, breach simulations etc. Experience in conducting automated as well as manual penetration tests. Experience in conducting manual config reviews for Network devices, Servers, IOT devices, Applications etc. In depth understanding for general security principles. In depth understand of how security technologies like firewalls, EDR, SIEM, TVM operate in a coherent manner, and how to avoid unnecessary alerts while executing an Adversary Emulation exercise. Excellent communication, reporting, and presentation skills. Ability to plan, prioritise, be proactive and manage own workload. Understand up-to-date security threats and common exploits. Have an open attitude to sharing knowledge and information. Excellent analytical and problem-solving skills. Desire to learn new technologies. A motivated attitude to learn and challenge comfort zone. To keep up to date with the latest security and technology developments. Desirable Cyber security certification (e.g. OSCP, CRTO, OSCE, OSWP, etc). Scripting Experience. Additional Information Must have the right to live and work in the UK or Republic of Ireland. Due to our location, access to own transport is essential. Must meet Security Clearance requirements if this is a requirement of the role and any offer would be conditional upon the successful candidate passing BPSS which includes a criminal record check. We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.

Belfast, United Kingdom

On site

Full Time

26-02-2025