We don't wait for the future—we build it. We are Clavium.
Clavium is a developer-centric, tech-forward company dedicated to solving complex problems in the blockchain space. By harnessing advanced technologies, we build tools and capabilities that enable individuals to securely manage their digital assets. We foster a culture of innovation and constant challenge, empowering our team to grow, experiment, and drive impactful solutions.
We are currently looking for a strategic Security Engineering & Ops Manager to lead our security operations and engineering functions. This role combines hands-on security expertise with leadership responsibilities across people, process, and technology in a high-growth, cloud-native fintech environment.
You will be responsible for managing a blended team of Security Engineers and Security Operations Analysts. Together, your team will ensure the secure design, operation, and monitoring of our platforms. You will drive the evolution of our DevSecOps practices, oversee core security operations capabilities, and maintain compliance with industry security standards.
This is both a technical and leadership role with authority to shape the security roadmap, define standards, and improve our security maturity in alignment with business objectives.
Day to day:
- People Leadership
Line-manage a cross-functional team of Security Engineers and Security Operations Analysts.
Set team OKRs, manage performance, and foster individual professional development.
Create a collaborative, high-trust environment that values learning and continuous improvement.
- Security Engineering (DevSecOps & AppSec)
Oversee secure software development lifecycle (SDLC) practices, including design reviews, threat modelling, and code scanning.
Ensure security is embedded in CI/CD pipelines through integration of SAST, DAST, SCA, and secrets scanning tools.
Govern encryption, key management, and data protection mechanisms across the business.
Provide security guidance on cloud infrastructure (primarily GCP), Kubernetes environments, and application architecture.
- Security Operations
Manage cyber events, incident response playbooks, and escalation processes.
Oversee vulnerability management and ensure effective remediation practices across cloud, containers, applications and infrastructure.
Maintain and monitor endpoint security, SIEM, privileged access (PAM), and jumpbox services.
- Process & Compliance
Lead security control implementation and validation aligned with ISO 27001 and NIST CSF.
Manage CMDB accuracy and asset inventory in collaboration with IT and engineering teams.
Oversee security awareness campaigns and phishing simulation programs.
- Technology Ownership
Serve as product owner for the security tooling stack, including EDR, SIEM, SCA, PAM, CSPM, and encryption services.
Evaluate emerging technologies, drive proofs of concept, and define tool selection criteria.
Define and track security KPIs and metrics, integrated into dashboards and reporting platforms.
- Strategy & Roadmap
Develop and maintain a forward-looking 18–24 month roadmap for security engineering and operations.
Align roadmap with business priorities, security risks, and emerging threats.
Present roadmap, metrics, and risks to senior stakeholders and executive leadership.
- Stakeholder Engagement
Collaborate with engineering, architecture, product management, and data teams to embed security by design.
Work closely with compliance, risk, and audit partners to support security assessments and audits.
Communicate risk reduction, security posture, and improvement initiatives to technical and non-technical audiences.
What we’re looking for from you:
Enterprise cyber security experience, with at least 2 years in a team leadership role.
Proven experience implementing DevSecOps practices in modern CI/CD environments.
Hands-on experience with security tooling for code scanning, cloud security, EDR, SIEM, or PAM.
Familiarity with ISO 27001, SOC 2, or NIST CSF frameworks.
Demonstrated success in building and executing a security roadmap.
Strong communication and stakeholder management skills across technical and executive audiences.
Bachelor’s degree in Cyber Security, Computer Science, or a related field (or equivalent experience).
- Preferred certifications include:
CISSP, CISM, CCSP, or CSSLP
Google Cloud Security Engineer or other cloud provider certifications
DevSecOps or Kubernetes security certifications (e.g., KCNA, CKS)
Non-essential but desirable:
Experience in fintech or a regulated industry (e.g., PCI DSS, DORA, PSD2).
Working knowledge of Kubernetes security and infrastructure-as-code security practices.
Experience with threat modelling methodologies such as STRIDE or PASTA.
Familiarity with integrating security metrics into developer experience platforms (e.g., Atlassian Compass).
What we offer you:
25 days holiday + Bank Holidays
Pension Scheme
Private Healthcare
My Learning Pocket
Referral Scheme
Work from Anywhere
Volunteering days
Bitcoin Programme
Spanish Language Classes
Gym membership - Spain only currently
Holiday buying - UK only currently
3-day onsite hybrid working model