Head of Information Security

XTX Markets is a leading algorithmic trading company partnering with counterparties, exchanges and e-trading venues globally to provide liquidity in the Equity, FX, Fixed Income, and Commodity markets. We provide consistent liquidity, helping market participants throughout the world obtain the best prices in the various assets classes we cover, regardless of changing market conditions.

At XTX Markets technology is our business and we are a diverse organisation which attracts outstanding talent from across all industry backgrounds. We are focused on teamwork and our people collaborate on all aspects of the business, working openly and with respect for each other, our clients and the market. Our culture is non-hierarchical and one where everyone is valued. We strive for excellence in everything we do.

XTX is looking for a Head of Information Security to lead XTX’s Information Security Program.

The XTX Information Security Program is designed to ensure the firm is able to identify information security risks, protect the firm against attacks, detect and respond to cybersecurity events, recover from any incident.

Led by the Head of Information Security, the Information Security Team engages closely with teams across XTX, and provides complementary expertise, support, monitoring, and challenge related to the management of Information Security risk, including: 

• Ownership of the firm’s Information Security Risk Framework and associated policies, ensuring XTX has a best-in-class security posture that meets all relevant regulatory requirements.
• Lead on technical tools to proactively detect and respond to weaknesses, threats and compromise.
• Understanding the people, data, systems and processes of a global algorithmic trading firm, and the threats that could arise to the business.
• Partnering with development teams to provide expert analysis and ensure information security-focused development delivers on the key information security goals of the business.
• Working with external service providers, partners, and counterparties to ensure that new and existing relationships continue to meet necessary information security standards for XTX.  
• Achieving key information security risk management objectives, such as: compliance with laws, regulations, and acceptable ethical behaviour; strong internal controls, including the safeguarding of personal information under GDPR
• Key contact to interface with global clients, partners, service providers, and regulators on matters related to information security.
• Leading the conversation and culture on the development, implementation, and continuous improvement of information security practices from low-level to high-level across all teams in a highly technical firm, from day-to-day SDLC to longer-term architectural changes.

The team ensures the adequacy and effectiveness of XTX’s information security posture and framework, working with various internal and external stakeholders including the firm’s management and governance bodies, as well as regulatory bodies. 

XTX is a technical firm and the Head of Information Security will be expected to develop code and data analytics in a collaborative environment on a day-to-day basis.  

• Understanding the security requirements of a leading global algorithmic trading firm.
• Lead a focused team, prioritising work and agreeing key information security goals for the wider business. 
• Owning and maintaining the firm’s Information Security Risk Framework.
• Collaborate with technical stakeholders across the firm as various teams improve all aspects of XTX’s information security posture.
• Perform technical security assessments, penetration tests, code audits, and design reviews, utilising third-party resource where appropriate. 
• Design controls and improvements to sharpen XTX’s capabilities to defend against attack, in close cooperation with the teams responsible for implementing them.
• Utilise deep understanding in software engineering and its processes to advocate for secure engineering practices throughout XTX Markets.
• Information security risk assessment of third-party service providers, partners, and counterparties.
• Communicate key concepts both to highly technical engineers, and to less-technical team members.  Ownership the firm’s Information Security training program for new staff, with regular updates.
• Prepare and present and information regarding the firm’s information security program to: internal governance stakeholders including boards and other committees, and external stakeholders such as clients, partners, and global regulators and counterparties undertaking due diligence on XTX.

• Experience in driving forward an Information Security Program in a regulated financial institution.
• 10+ years of relevant, practical work experience in a technical security role.
• Ability to assess risk profiles and propose effective strategies to strengthen Information Security both at a technical and at organisational levels.
• Ability to collaborate constructively with various team on proposals to enhance Information Security.
• Strong communication skills: both written and verbal.   
• Knowledge of: 
  • Common information-security requirements set by financial markets regulators and associated certifications.
  • Security fundamentals, common vulnerability classes, attack patterns and root-cause analysis.
  • Computer Science fundamentals (operating systems, data structures, algorithms, networking, etc).
  • Data Management of information security assets.
• Ability to perform design reviews and/or technical assessments of software and infrastructure.
• Solid programming and data analytics skills in a collaborative coding environment (no specific language requirement).

• Offensive security mindset and bug hunting skills
• Related development experience in a security monitoring, security testing, security response, vulnerability research, cryptography engineering or other security role.

APPLY HERE