Overview
We are currently looking for a strategic Security Engineering & Ops Manager to lead our security operations and engineering functions. This role combines hands-on security expertise with leadership responsibilities across people, process, and technology in a high-growth, cloud-native fintech environment.
You will be responsible for managing a blended team of Security Engineers and Security Operations Analysts. Together, your team will ensure the secure design, operation, and monitoring of our platforms. You will drive the evolution of our DevSecOps practices, oversee core security operations capabilities, and maintain compliance with industry security standards.
This is both a technical and leadership role with authority to shape the security roadmap, define standards, and improve our security maturity in alignment with business objectives.
Day to day
Line-manage a cross-functional team of Security Engineers and Security Operations Analysts.
Set team OKRs, manage performance, and foster individual professional development.
Create a collaborative, high-trust environment that values learning and continuous improvement.
Responsibilities
Security Engineering (DevSecOps & AppSec)
Oversee secure software development lifecycle (SDLC) practices, including design reviews, threat modelling, and code scanning.
Ensure security is embedded in CI/CD pipelines through integration of SAST, DAST, SCA, and secrets scanning tools.
Govern encryption, key management, and data protection mechanisms across the business.
Provide security guidance on cloud infrastructure (primarily GCP), Kubernetes environments, and application architecture.
Security Operations
Manage cyber events and incident response playbooks and escalation processes.
Oversee vulnerability management and ensure effective remediation practices across cloud, containers, applications and infrastructure.
Maintain and monitor endpoint security, SIEM, privileged access (PAM), and jumpbox services.
Process & Compliance
Lead security control implementation and validation aligned with ISO 27001 and NIST CSF.
Manage CMDB accuracy and asset inventory in collaboration with IT and engineering teams.
Oversee security awareness campaigns and phishing simulation programs.
Technology Ownership
Serve as product owner for the security tooling stack, including EDR, SIEM, SCA, PAM, CSPM, and encryption services.
Evaluate emerging technologies, drive proofs of concept, and define tool selection criteria.
Define and track security KPIs and metrics, integrated into dashboards and reporting platforms.
Strategy & Roadmap
Develop and maintain a forward-looking 18–24 month roadmap for security engineering and operations.
Align roadmap with business priorities, security risks, and emerging threats.
Present roadmap, metrics, and risks to senior stakeholders and executive leadership.
Stakeholder Engagement
Collaborate with engineering, architecture, product management, and data teams to embed security by design.
Work closely with compliance, risk, and audit partners to support security assessments and audits.
Communicate risk reduction, security posture, and improvement initiatives to technical and non-technical audiences.
What we’re looking for from you
Enterprise experience of cyber security with at least 2 years in a team leadership role
Proven experience implementing DevSecOps practices in modern CI/CD environments
Hands-on experience with security tooling for code scanning, cloud security, EDR, SIEM, or PAM
Familiarity with ISO 27001, SOC 2, or NIST CSF frameworks
Demonstrated success in building and executing a security roadmap
Strong communication and stakeholder management skills across technical and executive audiences
Participate in an on-call rota (typically every 4 to 6 weeks) providing out-of-hours support for critical incidents only, covering weekdays from 5pm to 8am and 24/7 at weekends; non-critical issues are handled during standard office hours
Bachelor’s degree in Cyber Security, Computer Science, or a related field (or equivalent experience)
Preferred certifications include:
CISSP, CISM, CCSP, or CSSLP
Google Cloud Security Engineer or other cloud provider certifications
DevSecOps or Kubernetes security certifications (e.g., KCNA, CKS)
Non-essential but desirable
Experience in fintech or a regulated industry (e.g., PCI DSS, DORA, PSD2).
Working knowledge of Kubernetes security and infrastructure-as-code security practices.
Experience with threat modelling methodologies such as STRIDE or PASTA.
Familiarity with integrating security metrics into developer experience platforms (e.g., Atlassian Compass).
What we offer you
25 days holiday + Bank Holidays
Pension Scheme
Private Healthcare
My Learning Pocket
Referral Scheme
Work from Anywhere
Volunteering days
Bitcoin Programme
Spanish Language Classes
Gym membership - Spain only currently
Holiday buying - UK only currently
3-day onsite hybrid working model
Referrals increase your chances of interviewing at Clavium by 2x.
Interview Process
Our interview process consists of a short call with our internal talent team, followed by a 1-hour technical interview, a 1-hour competency interview and finally a 30-minute call with our function leader. Our talent team will be there to give guidance and support you through the process.
Seniority level Not Applicable
Employment type Other
Job function Management and Manufacturing
Industries Software Development
Engineering Manager • Madrid, Madrid, SPAIN