First Circle

InfoSec Manager

London
Posted about 2 months ago

InfoSec Manager

About First Circle

First Circle is a fast-growing, profitable, credit-led SME NeoBank in the Philippines whose shareholders include the World Bank Group (IFC). Today, our Business Credit Line and Business Bank Accounts are used by thousands of SMEs to grow and run their business. Our product velocity has accelerated — in the next few months we’ll release SME Corporate Cards, Payroll, Invoices, and Solar Financing — redefining the SME NeoBank category through software, financial products, and exceptional risk models.

Our culture emphasises building, problem solving, ownership / responsibility, and personal & professional growth. We balance a collegiate atmosphere with free & direct communication, which enables us to move very quickly and avoid politics or toxicity. Our team continues to level up quickly, which is necessary for the business to compound at more than 100% per year; we achieve this through individual growth and bar-raiser hiring.

This is a unique opportunity for a high growth individual to become the first dedicated security professional at a high-growth, regulated bank whose market leadership position lies in its technology.

You will define strategy, priorities, and our security operating model aligned to business goals – reporting to the VP Engineering and supported in your development by our world-class CISO Board advisor.

As the company continues to grow you’ll have unparalleled opportunities for career growth and to build out our infosec team around you.

Your First Year: Building Foundations

Your first year is about building foundations, addressing primary risks, and ensuring the bar you set is consistently upheld by the wider technology organisation:

  • ISO 27001 certified. You own the certification from scoping to audit pass.
  • Implement external pen test & remediation. Every finding closed or formally risk-accepted.
  • MSSP/SOC live and producing alerts we act on. SLAs measured monthly. Escalation path drilled at least twice.
  • Engineering development processes aligned with security. Embed secure-by-design principles into technology and product development, working closely with engineering and DevOps teams. Full audit trail.
  • Regulatory compliance. Design, implement, and maintain security policies, standards, and procedures aligned to global standards and local regulations: BSP circulars, EPFS and PPMI (payments) requirements, and PCI DSS scope.
  • Mitigate user & device threats. Define, assess, and upgrade the principle of least privilege across users & devices. No unmanaged device touches production.
  • A risk register used monthly by the exec team and Board. Internal and external (e.g. vendor, supply chain) risks. Tied to mitigation owners and dates.
  • Develop a strong culture & training practice. Phishing simulation, secure-coding standards, IR runbook drilled live at least once.
  • Tooling. Evaluate and implement security tools and technologies, optimising for a lean, scalable security stack. Oversee vulnerability management and remediation, ensuring regular scanning, prioritisation, and tracking of fixes.

What You Own: Steady State

  • The strategy and roadmap with the exec team and Board Risk Committee.
  • The MSSP relationship.
  • Incident response.
  • Vulnerability management.
  • Third-party risk — particularly card processors, payment rails, KYC providers.
  • BSP cybersecurity engagement and PCI DSS scope where it applies.
  • Security culture — making it easier to do the right thing than the wrong thing.

About You

  • You've built a security function before, hands-on. Not advised — built. At a regulated fintech, payments business or bank. Be ready to walk us through what was there when you arrived and what was there when you left.
  • You've led a Sev-1 from page to post-mortem. Tell us about one.
  • You've taken an organisation through ISO 27001 as the responsible owner, not a consultant on the sidelines.
  • You've stood up an MSSP — chosen the vendor, defined the use cases, tuned the alerts, fired one when it underperformed.
  • You've written IAM policy that survived contact with real engineers. Azure-native (that's our stack).
  • You're hands-on enough to read Terraform, open a PR, and debug events. If your last line of code was 5+ years ago, this isn't your role.
  • Certifications — CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are useful signals. They're a tiebreaker, not the bar.

What This Role Is Not

  • Not a CISO inheriting a team — you'll build it. Year 1 you may have one or two hires.
  • Not a paper-driven compliance role — we expect you in the codebase, in the cloud console, on the on-call rotation when it matters.
  • Not for someone who needs a clean SOC 2 starting point. We're earlier than that, by design, and moving fast.

What We Offer

  • No fixed budget for this role; we hire globally and adjust offers based on experience and market rate.
  • Equity ownership in a 150%+ growing, profitable NeoBank with a market which supports a business 50-100x today’s size.
  • Flexibility around working hours and location. The role can be worked remotely, with the option to work from one of our offices in London, Manila, Singapore, Hong Kong & Belgrade.
  • MacBooks, private health insurance, training budgets and more!
  • Periodic travel to HQ in Southeast Asia.

Skills

Information Security Strategy
ISO 27001 Certification
Vulnerability Management
Incident Response
Azure
Terraform
IAM Policy
Risk Management
PCI DSS Compliance
MSSP Management
Secure-by-Design
Regulatory Compliance

Location

London, England, United Kingdom
