FNZ Group
We provide a global, end-to-end wealth management platform that integrates technology, business & investment operations all in a regulated financial institution.
At FNZ, our purpose is to make wealth management more accessible, bringing easier, fairer, and more inclusive solutions to people worldwide. Here in the Global Cyber & Information Security team, we are on a mission to embed cyber resilience across FNZ, protecting the platforms that support investment solutions for over 20 million people.
We are looking for a lead Penetration Tester, reporting within the Cyber Resilience and Operations function. You will be responsible for the creation and oversight of a new penetration security testing service that will provide greater coverage of security testing of our infrastructure, applications, mobile devices, cloud platforms, and endpoints that support regulatory, client, and threat-led requirements. The service will use a mix of internal resources and 3rd parties.
Specific Role Responsibilities
1. Offer global vulnerability assessment and penetration testing services, detecting system weaknesses and making recommendations for mitigation.
2. Design and perform penetration tests to simulate cyber-attacks with integration of threat and incidents into penetration testing priorities.
3. Document findings including detailed reports on test results.
4. Develop and engineer penetration testing services, including automation scripts.
5. Train colleagues on penetration testing techniques; providing oversight of penetration testing results.
6. Maintain security testing operating procedures.
7. Support in the delivery of initiatives to mature security controls, services, and processes.
8. Support in the delivery of the Information Security strategy.
9. Support in the creation and delivery of security reporting and MI.
10. Support in the development and delivery of consistent global services that enable delivery of the business goals.
Experience Required
1. Proven technical knowledge of web applications, applications, and infrastructure components e.g., cloud platforms, mobile devices, networks, and infrastructure endpoints.
2. Deep exploit and vulnerability knowledge beyond automated approaches.
3. Scripting and coding skills.
4. Strong operating system understanding and understanding of network protocols.
5. Good knowledge of the practical implementation of information security and risk frameworks such as NIST CSF, ISO27001, NIST 800-53, and COBIT, and good knowledge of auditing frameworks such as ISAE3402 and SOC2.
6. Experience in developing and managing formal security documents.
7. Proven ability to manage internal stakeholders through a journey of improving information security maturity.
8. Good ability to communicate information security and risk concepts to stakeholders at all levels.
Our culture is what drives us. It's at the heart of who we are and everything we do. It's what inspires, excites, and moves us forward. Our ambition is to create a culture for growth, one that opens up limitless opportunities for our employees, customers, and the wider world. At FNZ we know that great impact is only possible with great teamwork.
At FNZ, we recognize that diversity, equity, and inclusion are important factors contributing to our success. We embrace the unique perspective and capabilities of our current and future employees, which will help us continue to drive innovation and achieve our business goals. Recruitment decisions at FNZ are made in a non-discriminatory manner without regard to gender, ethnicity/race, faith, age, nationality, gender identity, sexual orientation, marital status, socio-economic background, disability, or military veteran status where all applicants and employees are valued and respected.
In addition, we want to ensure accessibility needs are well supported; if you require specific support, please advise us.
#J-18808-Ljbffr