Group Head of Security

Who are we?

CFI Financial Group is an award-winning trading provider, possessing more than 25 years of experience with multiple offices around the world including London, Larnaca, Beirut, Amman, Dubai, Kuwait, Port Louis, and others.

Check out more about CFI here.

CFI is hiring! Make your mark in the online trading industry.

Are you looking to pursue a career in finance? Do you want to work with a dynamic and growing team in the exciting world of online trading and investing? If you answered yes, then we have some amazing opportunities for you!

Description:

We’re seeking a Head of Security to lead and develop our cybersecurity function as an independent structure reporting directly to the CEO. This role requires a unique blend of offensive security expertise, hands-on engineering background, and the ability to implement pragmatic security controls that guard rather than block business velocity. You’ll work closely with the CTO and technology teams to build security into our delivery pipeline while preparing the organization for regulatory compliance in financial services.

Key Responsibilities:

• Build security frameworks based on ISO 27001, NIST CSF, CIS Controls, and SOC 2, Ensure compliance with DORA, EBA Guidelines, ISO 27001
• Implement information security governance structure, policies, and risk management processes
• Establish and maintain security metrics, KPIs, and reporting for executive leadership
• Secure Perimeter & Infrastructure Protection -Design and implement network segmentation and secure perimeter architecture
• Collaborate with development teams to establish secure SDLC practices: Integrate security into CI/CD pipelines with automated quality gates (SAST, DAST, SCA, container scanning, aplication security tools)
• Conduct penetration testing and API security assesments using Kali Linux, Metasploit, Burp Suite, and other offensive security tools
• Provide hands-on remediation guidance that developers can implement

Requirements:

• Required Certifications (minimum 2):

Offensive Security ( OSCP, OSCE, GPEN, or CEH), Security Management (CISSP or CISM),

Cloud Security (CCSP, AWS Security Specialty, or Azure Security Engineer), Audit (CISA)

• 8+ years in information security roles
• 3+ years in security leadership positions
• Mandatory: Experience in regulated financial services (banking, brokerage, payments, fintech)
• Hands-on penetration testing and vulnerability assessment experience
• Development or DevOps background with practical coding experience
• Successfully implemented DevSecOps practices and security automation
• Experience with regulatory audits and compliance assessments

Required Technical Skills:

• Offensive security tools: Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark, SQLMap
• Programming: Proficient in Python (prefferable) or atl least one other language
• Scripting: Mandatory proficiency in Bash, Zsh, and PowerShell
• Pragmatic security mindset: Balance security with business enablement
• Collaborative leadership: Build trust with engineering teams
• Strong communication: Translate security risks into business impact

Nice to Have:

• Experience with trading platforms, payment systems, or financial infrastructure
• Knowledge of AI/ML/LLM security considerations
• Familiarity with MT5, trading APIs, payment processing systems

Why join CFI?

· We’re a fast-growing, multinational company

· Competitive salaries and benefits

· Work and learn with industry professions

· Supportive and collaborative environment

· Unlimited opportunities for growth and development