Security Risk Specialist

Posted 11 days 23 hours ago by Randstad (Schweiz) AG

Permanent
Not Specified
Other
London, United Kingdom
Job Description
About Us

Sling aims to create a world where sending and receiving money is effortless. The app allows users to pay people, not numbers: no account number, IBAN or sort code is needed, only the recipient's name. The app leverages blockchain technology to allow for almost instant money transfers in any currency for a negligible fee. Sling is available in 50+ countries, in the Android and iOS app stores. Sling is a product by Avian Labs, Inc.

About the Role

Sling Money are seeking a highly skilled individual to lead the operational resilience, cybersecurity, data and privacy risk management strategies and implementation, in line with DORA, GDPR, and global privacy and security regulations. This is an exciting new role in an industry in its infancy. This role is essential to ensure our ICT infrastructure is resilient, compliant, and able to protect customer data across multiple jurisdictions.

Key Responsibilities
  • Operational Resilience:
    • Implement the operational resilience strategy ensuring the availability and recovery of ICT services in compliance with DORA.
    • Design and implement advanced digital operational resilience testing programs, automation, stress testing, including threat-led penetration testing, vulnerability assessments, and scenario-based testing.
  • Data & Privacy Compliance:
    • Data Protection Management: Ensure that ICT systems and processes comply with GDPR, CCPA, and other relevant privacy laws, including ensuring privacy-by-design in system architecture and processes.
    • Data Breach Management: Oversee the incident management process for data breaches, ensuring that breaches are detected, contained, mitigated, risk assessed, reported and notified, and resolved within breach reporting windows.
  • Business Impact Assessment: Conduct regular Business Impact Assessments and manage Privacy Risk Assessments to ensure compliance with GDPR and mitigate data privacy risks.
  • Penetration & Vulnerability Testing: Lead and manage continuous penetration testing (incorporating threat-led penetration testing techniques and simulations of advanced cyber-attacks) and vulnerability assessments to identify and mitigate risks in our ICT systems, particularly in the crypto and payments environments (including third-party providers).
  • Cybersecurity Oversight:
    • Manage the implementation of cybersecurity controls, including encryption, secure access management, and monitoring systems to safeguard customer data from unauthorized access or cyberattacks.
    • Establish security KPIs and reporting mechanisms that provide clear visibility into the organization's security posture.
  • Incident Response & Recovery:
    • Lead the ICT incident response team, with a focus on security and privacy-related incidents, ensuring the timely resolution of security vulnerabilities in line with GDPR and operational resilience standards.
    • Plan, implement and manage incident response and business continuity programs, including regular drills and simulations.
About You
  • Experience: 7+ years in ICT risk management, cybersecurity, product engineering and data privacy within fintech, crypto, or payments sectors.
  • Privacy Expertise: Strong understanding of GDPR, CCPA, and global privacy regulations, including the ability to manage data breach incidents and risk assessments.
  • Operational Resilience: Proven experience in implementing resilience testing, penetration testing, and disaster recovery simulations to ensure compliance with DORA and other operational resilience frameworks.
  • Technical Skills: Expertise in data encryption, AWS, GCP, Terraform/Pulumi, infra as code.
  • Education: Bachelor's or Master's in Information Security, Data Privacy, Risk Management, or a related field. Certifications such as CIPP/E, CISM, CISSP, or CISA are highly preferred.
  • Strong understanding of crypto infrastructure, blockchain technologies, and data protection challenges would be ideal.
  • Certifications such as CISM, CRISC, CISSP, CGRC, OSCP, and CIPP/E (Certified Information Privacy Professional/Europe) are highly desirable.
Compensation, Perks & Benefits
  • Competitive salary and equity package.
  • Opportunity to be a core part of a fast-growing fintech startup.
  • Collaborative and innovative work environment with autonomy.
  • Free lunch in the office and flexible working arrangements.
  • Professional growth opportunities, team offsites, and events.