Wealth Dynamix
Information Security & Data Privacy Manager - Fintech - Hybrid

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Information Security & Data Privacy Manager - Fintech - Hybrid
Calling highly motivated, bright candidates who are looking for a career at an exciting award-winning FinTech firm!
Company: Wealth Dynamix
Role: Information Security & Data Privacy Manager
Location: London
Start Date: August 2026
Would you like to join one of the fastest-growing FinTech firms in Europe? We are looking for an analytical self-starter with experience in product-focused software delivery. If you are passionate about digital transformation and keen to learn about delivering the market-leading Client Lifecycle Managing solution to the Wealth Management industry, apply now!
Who are we?
Wealth Dynamix helps to relieve the burden of client management issues for wealth management and private banking firms with innovative technology. We provide Relationship Managers with a multi-award-winning digital Client Lifecycle Management (CLM) platform, offering 360-degree access to their client. We are a global leader in end-to-end CLM, Wealth Dynamix has offices and clients in three continents with headquarters in the UK.
What is the role?
The role is accountable for defining, operating, and evidencing the information security governance framework. Technology and Engineering teams remain responsible for implementing and operating technical controls, subject to oversight, assurance, and challenge from the Information Security function.
Purpose of Role
The Information Security Manager owns the company’s information security governance, risk, and compliance programme, including the ISMS, client security assurance, security policy framework, incident governance, supplier security assurance, and security reporting. The role works closely with Technology, Product, Operations, Legal, and senior leadership to ensure the company’s products, services, and operations meet internal, regulatory, contractual, and client security expectations.
The role provides security input into privacy compliance activities and works with the DPO on UK GDPR and EU GDPR obligations, DPIAs, data protection by design, and incident response. The role is not the statutory DPO unless separately appointed. The role reports to the COO and ultimately to the WDX Board.
Responsibilities
ISMS & IS Programme
- Maintain and continuously improve the Information Security Management System, firmwide information security programme, security policies, certifications, and control framework, aligned to ISO 27001, SOC 2, DORA-related customer obligations, applicable financial services expectations, and Crédit Agricole Group requirements.
- Partner with Product, Engineering, and Technology teams to embed security into the software development lifecycle, including secure design reviews, threat modelling, secure coding standards, dependency scanning, SAST/DAST tooling, secrets management, application/API penetration testing, vulnerability remediation tracking, and release security governance.
- Support DORA-related client and contractual obligations for EU financial services customers, including ICT risk management evidence, incident response and notification processes, resilience testing, ICT third-party risk controls, subcontractor oversight, exit planning, and audit evidence.
- Provide security governance over cloud and SaaS environments, including identity and access management, logging and monitoring, encryption, key management, backup, tenant segregation, environment segregation, secure configuration, and cloud security posture management.
- Own and test the security incident response framework, including severity classification, escalation, communications, evidence preservation, lessons learned, and remediation tracking.
- Support Legal and Sales teams in reviewing client and supplier contract clauses relating to information security, privacy, audit rights, incident notification, resilience, subcontracting, and data protection.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Audit & Budgets
- Coordinate internal, external, client, and certification audits, including audit planning, evidence collection, stakeholder coordination, findings remediation, and management reporting.
- Manage the information security budget, including security tooling, external assurance, certifications, training, and specialist advisory support, in line with agreed financial controls.
- Operate a risk-based third-party security assurance framework covering supplier onboarding, periodic reassessment, critical supplier classification, contractual security controls, subcontractor/sub-processor oversight, supplier incident monitoring, and exit arrangements.
- Own the client security assurance process, including security questionnaires, RFP/RFI responses, client audits, evidence packs, ISO 27001/SOC 2 artefacts, penetration test summaries, contractual security schedules, and remediation tracking.
Security Awareness & Planning
- Plan and maintain the annual security roadmap for the company.
- Determine whether emerging technology or market trends pose a security risk to the company.
- Provide quarterly security updates to the Board, including risk posture, material vulnerabilities, incident trends, control maturity, and alignment to risk appetite.
- Provide monthly updates to the Executive Committee on security roadmap delivery, key risks, incidents, audit actions, supplier risks, and control performance.
- Provide security awareness training to employees to help them identify potential threats and understand how to protect themselves from harm.
- Support the Board and Executive Committee in understanding cyber risk, regulatory expectations, risk appetite, material control gaps, and their governance responsibilities.
Others
- Undertake any such duties required to continuously improve the Company Information Security Management System and set high standards and levels of compliance related to Information Security.
- Develop and report security KPIs/KRIs, including vulnerability remediation, patch compliance, access review completion, audit action closure, supplier assurance status, incident trends, phishing performance, training completion, and control exceptions.
- Partner with Technology and Operations to maintain and evidence business continuity, disaster recovery, and digital operational resilience controls, including dependency mapping, backup/restore testing, RTO/RPO validation, and remediation tracking.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Why should you apply?
This is a fantastic opportunity to work in a growing FinTech environment with excellent career progression available. With a global client base, the role offers an opportunity to experience a wide variety of digital transformation projects – each with their own unique requirements and opportunities. We take career progression seriously, with investment into the WDX Academy for new and existing employee learning and development. You will learn a lot with exposure to multiple complex client needs.
Who is best suited to this role?
Essential
- Demonstrable experience owning or materially operating an ISO 27001-aligned or certified ISMS.
- Experience supporting SOC 2, client security assurance, external audits, or certification evidence processes.
- Strong understanding of information security risk management, control assessment, risk treatment, and governance reporting.
- Experience coordinating security incident response governance, including escalation, communications, and remediation tracking.
- Experience operating or improving supplier security assurance and third-party risk processes.
- Ability to report security risks, control performance, and remediation priorities to senior stakeholders, including ExCo or Board-level audiences.
- Experience in a SaaS, fintech, financial services, regulated technology, or B2B enterprise software environment.
Desirable
- Exposure to DORA, FCA operational resilience, outsourcing/third-party risk, or financial services client assurance requirements.
- Experience with Microsoft Dynamics, Azure security, SaaS platforms, or Microsoft cloud security controls.
- Working knowledge of UK GDPR/EU GDPR and privacy-by-design principles.
- Familiarity with secure SDLC, application security testing, DevSecOps, or product security governance.
Qualifications
- Relevant professional certification such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor, or equivalent experience.
- Degree in cybersecurity, computer science, risk management, or a related discipline, or equivalent practical experience.
We believe we offer career-defining opportunities and are on a journey that will build awesome memories in a diverse and inclusive culture. If you are looking for more than just a job, get in touch.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location