About Us:

The FT has an uncompromising mission: delivering independent, quality information, news and services to individuals and companies around the globe. It’s the cornerstone of our reputation and the heart of our ambitions for the future. But for our people, the FT offers so much more than what we do. FT people come from all kinds of backgrounds and work across a huge range of disciplines and locations, and find empowering, warm and welcoming culture that values curiosity and rewards smart, ambitious thinking. Those who are willing to unite around our mission and live our values will find plenty to challenge, inspire and interest them. Like the audiences we serve, no two FT people are the same; but together we help our audience be better informed and understand the world around them. It’s a job that’s never mattered more, and a career that can take you anywhere you want to go.

Our commitment to diversity and inclusion in the workplace:

At the FT, we give all employees a voice so that diverse perspectives are heard and valued. We believe that a supportive workplace is one where employees feel they can be themselves at work. We'll continue to remove barriers for all, and in particular barriers facing employees from underrepresented groups.

About the role:

The Information Security Manager will be responsible for leading and coordinating information security governance, risk, and compliance activities across assigned business areas. The role will provide oversight of security controls, regulatory alignment, risk management, and stakeholder engagement, ensuring that information security practices support business strategy and global standards.

The position will be based in Manila and work closely with UK and international stakeholders.

Key responsibilities:

Information Security Governance & Risk Management

• Lead the implementation and oversight of information security policies, standards, and control frameworks, with reference to recognised industry standards/frameworks (e.g., ISO 27001, NIST CSF).
• Ensure alignment between business objectives and security, privacy, and regulatory requirements.
• Identify, assess, and manage information security risks, providing clear reporting and escalation where required.
• Support regional and global risk management processes, including risk register maintenance and remediation tracking.

Compliance & Control Assurance

• Oversee control assurance activities across systems and applications, ensuring appropriate security controls are implemented and operating effectively.
• Coordinate internal and external audit engagements, including preparation, evidence gathering, and remediation management.
• Maintain oversight of compliance-related system inventories and documentation.
• Track and report on remediation activities to ensure closure within agreed timelines.

Security Oversight of Systems & Data

• Collaborate with IT and business teams to maintain accurate data inventories and system documentation.
• Ensure appropriate data protection, classification, and handling practices are embedded in operational processes.
• Provide guidance on secure system design, implementation, and change management activities.

Stakeholder Engagement & Advisory

• Act as a trusted security advisor to regional business and technology stakeholders.
• Communicate security risks, control gaps, and compliance issues clearly to technical and non-technical audiences.
• Support business initiatives by providing security input during project planning and delivery.

Incident & Issue Management

• Support investigation and management of security incidents from a governance and compliance perspective.
• Ensure lessons learned and control improvements are captured and implemented.
• Escalate material risks or control failures appropriately.

Continuous Improvement

• Drive improvements in security processes, documentation, and assurance activities.
• Monitor regulatory and threat landscape developments relevant to the organisation and region.
• Contribute to the maturity and evolution of the information security programme.

Analytical & Reporting Capabilities

• Experience building executive-ready risk dashboards and metrics.
• Ability to translate technical findings into business risk narratives.
• Comfort working with structured reporting and KPIs/KRIs.

Standards, Frameworks & Assurance

• Working knowledge of additional frameworks (e.g., CIS Controls, COBIT, SOC 2, PCI DSS where relevant).
• Experience with PCI DSS compliance in  media, financial, or global organisations.
• Experience with Information Security Supply chain assurance life cycle design and implementation
• Familiarity with control testing methodologies and evidence-based assurance practices.

Scope & Seniority Indicators

• Operates with a high degree of autonomy.
• Responsible for regional coordination (Manila/APAC time zone alignment).
• Engages directly with senior technology and business stakeholders.
• Accountable for risk visibility and control assurance across defined domains.

Desirable:

• Exposure to GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, MetricStream or similar).
• Exposure to GRC Engineering tooling and practices.
• Foundational understanding of cloud security concepts (e.g., AWS/Azure control models).
• Understanding of data protection regulations (e.g., GDPR) and data lifecycle management.
• Experience supporting ISO 27001 certification or surveillance audits.
• Experience with regulatory environments relevant to media, financial, or global organisations.

What’s in it for you? Our Benefits:

Our benefits vary depending on location, but we are committed to providing best in class perks across all our offices as well as an inclusive environment to develop your career. Examples of our benefits include; generous annual leaves, flexible working (including working from home), health coverage (medical & dental), and company match and enhanced family leave packages. Full details of our benefits can be found here. 

Further Information:

The FT is committed to providing an inclusive working environment for all. We are an equal opportunities employer who seeks to recruit and appoint the best talent regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio-economic background, religion and/or belief. We also promote flexible working and will consider specific requests around flexibility for all roles where it can be accommodated. Please let us know if you require any adjustments as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements, or have any questions, please contact a member of our HR team who will be happy to help.

About Us

The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to deliver quality information and services worldwide. At the FT, curiosity thrives and ambitious thinking is rewarded. Here, you’re given the chance to reach millions, create work that matters and deliver impartial journalism in a polarised world. In our warm, collaborative culture, you’ll connect with a diverse community of experts who support your growth, career aspirations and wellbeing Your future at the FT will be filled with opportunities that challenge and inspire you. With no fixed path, you’ll discover new skills and forge a career that can take you anywhere. Build a newsworthy career at the FT.

Our Commitment to Diversity, Equity and Inclusion

We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to removing barriers for everyone, with a focus on addressing those faced by underrepresented groups.

The Role Overview

We’re looking for a Senior Cyber Security Engineer to help mature application and cloud security across the FT’s cloud-native, AWS-hosted technology estate. This role has an approximate 50/50 focus across application security and cloud security, working closely with product, platform and engineering teams to make secure delivery easier by default.

You’ll shape and improve developer-friendly guardrails across GitHub-based CI/CD pipelines, AWS environments and infrastructure-as-code workflows. This includes improving SAST, software composition analysis, secret scanning, IaC scanning, vulnerability management and AWS misconfiguration management so that findings are actionable, low-noise and owned by the right teams.

Day to day, you’ll run practical threat-modelling sessions, review application and cloud designs, improve security playbooks, support vulnerability and misconfiguration remediation, and build automation that reduces toil. We’re looking for someone who has demonstrably improved security outcomes in real engineering environments, not just someone with theoretical knowledge of tools or frameworks.

Depending on team structure, you may also mentor or line-manage one or two security engineers, while remaining hands-on and close to the technical work.

What you’ll bring to the role

Application and cloud security experience: practical experience across both application security and cloud security, ideally in AWS-hosted, cloud-native environments.

Developer-friendly security mindset: you know how to work with engineers, explain risk clearly and design controls that help teams move securely without unnecessary friction.

Vulnerability management at scale: experience improving how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and advisories are identified, prioritised, owned and remediated across engineering teams.

Cloud misconfiguration & vulnerability management: experience identifying and reducing infrastructure-as-code and AWS vulnerabilities & misconfigurations at scale through pragmatic guardrails, tooling and clear remediation paths.

Threat modelling: confidence running lightweight, practical threat-modelling sessions that lead to useful engineering decisions and risk reduction.

CI/CD and code security: hands-on experience with security tooling such as SAST, software composition analysis, secret scanning and IaC scanning.

Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce toil, improve visibility and surface meaningful risk.

Security leadership: ability to mentor other security engineers and influence engineers across the wider organisation. Depending on team structure, this may include line management.

AI security awareness: experience of leveraging AI to improve and scale appsec and cloud sec controls would be useful, but is not essential.

Key Responsibilities

Improve application security guardrails
Tune and evolve SAST, software composition analysis, secret scanning and related controls so they are actionable, low-noise and useful to engineering teams.

Improve cloud and IaC security guardrails
Help identify, prioritise and reduce AWS and infrastructure-as-code misconfigurations and vulnerabilities at scale.

Drive vulnerability management
Improve how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and third-party advisories are triaged, prioritised and remediated.

Drive cloud misconfiguration management
Help teams understand, own and remediate cloud security issues using pragmatic, developer-friendly workflows.

Run practical threat modelling
Facilitate lightweight threat-modelling sessions for new products, features, services and architectural changes.

Build automation and tooling
Create or improve scripts, integrations, dashboards and workflows that reduce manual effort and make risk easier to understand.

Support secure architecture decisions
Provide application and cloud security input into design reviews, AWS architecture decisions and larger technical changes.

Partner with engineering teams
Work closely with product, platform and software engineering teams to embed security into design, delivery and operational practices.

Support incidents and lessons learned
Provide application and cloud security expertise during incidents and feed lessons learned back into patterns, tooling and guidance.

Mentor others
Coach security engineers and engineering teams on practical security approaches. Depending on team structure, this may include line management of one or two security engineers.

Required Experience, Essential: 

• Strong practical experience in application security and cloud security, ideally with a balanced focus across both.
• Hands-on AWS security experience, including common misconfiguration patterns and practical remediation approaches.
• Experience improving vulnerability management across engineering teams, including prioritisation, ownership, remediation tracking and noise reduction.
• Experience in improving cloud or IaC misconfiguration management at scale in a developer-friendly way.
• Experience integrating, tuning or improving security tooling in CI/CD workflows, such as SAST, software composition analysis, secret scanning or IaC scanning.
• Experience running practical threat-modelling sessions that influence design, delivery or remediation decisions.
• Ability to write scripts or small tools, ideally in Python, to automate security workflows or improve visibility.
• Strong communication and collaboration skills, with the ability to influence engineers and technical leaders without relying on gatekeeping.
• Evidence of improving application security, cloud security or vulnerability management practices in a real engineering environment.
• Familiarity with Agile or Scrum ways of working.

Desirable

• Experience with leveraging AI for AppSec and CloudSec.
• AWS Certified Security – Speciality or equivalent practical AWS security experience.
• Terraform or CloudFormation expertise.
• Incident-management or incident-response experience.
• Experience with Splunk or similar logging/SIEM platforms.
• Experience with security metrics, dashboards or reporting that helped drive measurable risk reduction.
• Experience mentoring or line-managing security engineers.

What’s in it for You?

Our benefits vary by location but we are committed to providing best-in-class perks across all our offices. These include generous annual leave, medical cover, inclusive parental leave packages, subsidised gym memberships and opportunities to give back to the community. Full details of our benefits are available here.

We’ve embraced a 50% hybrid working model (averaging two to three days onsite) that fosters trust and remote adaptability while encouraging in-person camaraderie and peer learning. Additionally, we are open to accommodating specific flexible working pattern requests for all roles where feasible.

Accessibility

We are a disability confident employer and Valuable 500 signatory.

Please let us know if you require any reasonable adjustments/personalisation as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements or have any questions, email talent@ft.com and a member of our team will be happy to help.

Further information

At the FT, we embrace innovation and the use of technology and appreciate that individuals may leverage AI tools as part of their job application process. Whilst we are happy for you to use AI to assist with your application, it is essential that all information provided is authentic and accurately represents your skills, experience, and qualifications.

Candidates should be aware that the use of AI throughout the application process may be monitored to ensure a fair and transparent hiring process for all.

About Us

The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to deliver quality information and services worldwide. At the FT, curiosity thrives and ambitious thinking is rewarded. Here, you’re given the chance to reach millions, create work that matters and deliver impartial journalism in a polarised world. In our warm, collaborative culture, you’ll connect with a diverse community of experts who support your growth, career aspirations and wellbeing. Your future at the FT will be filled with opportunities that challenge and inspire you. With no fixed path, you’ll discover new skills and forge a career that can take you anywhere. Build a newsworthy career at the FT.

Our Commitment to Diversity, Equity and Inclusion

We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to removing barriers for everyone, with a focus on addressing those faced by underrepresented groups.

The Role Overview

We’re looking for a Cyber Security Engineer to help improve application security across the FT’s cloud-native technology estate. This is a hands-on role focused on making secure engineering easier for product, platform and software engineering teams.

Application security experience is essential for this role. You’ll help improve developer-friendly security guardrails across GitHub-based CI/CD pipelines, application repositories and engineering workflows. This includes working with SAST, software composition analysis, secret scanning, vulnerability management and secure coding guidance so that security findings are clear, actionable and owned by the right teams.

You’ll work closely with engineers to support practical threat modelling, triage application vulnerabilities, improve security playbooks and help teams remediate issues in a pragmatic way. You do not need to be a deep AWS or cloud security specialist, but some exposure to AWS, cloud security or infrastructure-as-code security would be useful.

We’re looking for someone with practical AppSec experience who wants to grow their impact - someone who enjoys working with engineers, improving tooling and helping security become part of normal delivery rather than a last-minute checkpoint.

What you’ll bring to the role

Application security experience: practical experience identifying, explaining and helping remediate application security risks in modern engineering environments.

Developer-friendly security mindset: you enjoy working with engineers, explaining risks clearly and helping teams adopt secure practices without unnecessary friction.

Vulnerability management experience: experience triaging and tracking application vulnerabilities from sources such as SAST, dependency scanning, secret scanning, penetration tests, bug bounty reports or third-party advisories.

CI/CD and code security awareness: familiarity with security tooling in development workflows, such as SAST, software composition analysis, secret scanning or repository security controls.

Threat modelling awareness: experience participating in, supporting or facilitating lightweight threat-modelling sessions for applications, services or new features.

Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce manual effort, improve visibility or make security workflows easier.

Cloud security awareness: Some exposure to AWS, cloud security or infrastructure-as-code security would be useful, but is not essential.

Growth mindset: willingness to keep developing across application security, cloud security, secure development and modern engineering practices.

Required Experience, Essential

• Practical experience in application security.
• Experience working with software engineers to explain and remediate security issues.
• Familiarity with common web application security risks and secure coding practices.
• Experience with vulnerability triage, prioritisation and remediation tracking.
• Experience using or interpreting findings from tools such as SAST, software composition analysis, secret scanning or similar.
• Experience participating in or supporting threat-modelling activities.
• Ability to write scripts or small tools, ideally in Python, to automate tasks or improve visibility.
• Strong communication and collaboration skills.
• Familiarity with Agile or Scrum ways of working.

Desirable

• Exposure to AWS security, cloud security or infrastructure-as-code security.
• Experience with Terraform or CloudFormation.
• Experience with container or Kubernetes security.
• Experience with bug bounty, penetration testing or security testing programmes.
• Experience with Splunk or similar logging/SIEM platforms.
• Exposure to AI security, such as LLM-enabled applications, AI-assisted development workflows or prompt/data leakage risks.
• Experience building dashboards, metrics or reports to support vulnerability management.
• Relevant security certifications or training, such as AWS security training, secure coding training, GIAC, ISC2, CREST or equivalent practical experience.

What’s in it for you? Our benefits

Our benefits vary by location but we are committed to providing best-in-class perks across all our offices. These include generous annual leave, medical cover, inclusive parental leave packages, subsidised gym memberships and opportunities to give back to the community. Full details of our benefits are available here.

We’ve embraced a 50% hybrid working model (averaging two to three days onsite) that fosters trust and remote adaptability while encouraging in-person camaraderie and peer learning. Additionally, we are open to accommodating specific flexible working pattern requests for all roles where feasible.

Accessibility

We are a disability confident employer and Valuable 500 signatory.

Please let us know if you require any reasonable adjustments/personalisation as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements or have any questions, email talent@ft.com and a member of our team will be happy to help.

Further information

At the FT, we embrace innovation and the use of technology and appreciate that individuals may leverage AI tools as part of their job application process. Whilst we are happy for you to use AI to assist with your application, it is essential that all information provided is authentic and accurately represents your skills, experience, and qualifications.

Candidates should be aware that the use of AI throughout the application process may be monitored to ensure a fair and transparent hiring process for all.