Jobs Companies Cmgx Senior Security Engineer

About this Senior Security Engineer role at Cmgx

Cmgx · Hybrid · London
The Company
 
Capital Markets Gateway LLC (CMG) is a financial technology firm, uniquely focused on the equity capital markets (ECM), connecting investors and underwriters via a neutral platform. CMG delivers integrated ECM data and analytics, unrivaled transparency into deal flow, and workflow efficiencies for an otherwise fragmented and inefficient process. Providing a digital system of record for firm-wide deal activity, CMG helps clients make more timely, better-informed decisions. Launched in 2017 by a team of ECM practitioners, CMG has completed two successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit www.cmgx.io.  
 
The Role 
 
We are hiring a Senior Security Engineer to lead our security risk management and governance work. This is a senior individual-contributor role for someone who thrives on owning large, ambiguous initiatives end-to-end and turning them into shipped, operationalized programs. You will report directly to the CISO, own cross-program initiatives, and collaborate closely with senior leadership across the firm. 

The core of the role is hands-on security risk management, threat modeling, security risk assessments, and security design and architecture reviews, paired with the governance and process work that scales the program. You will partner on customer due-diligence and SOC 2 evidence and turn security controls into repeatable workflows that fit how the business already works. You will apply that lens across the full control landscape: cloud security, supply-chain and vulnerability management, endpoint and identity, detection and response, and AI security. 

CMG operates in a highly regulated, client-facing market, so scope and impact here are unusually large for the level. We value strong collaboration and a deep sense of ownership: you will be trusted to take initiatives and run with them, often without an established process or a big team behind you. The defining shift for the program is moving from reactive to proactive, and this role is central to it. This is a high-growth-potential role: we expect the right person to start as a senior individual-contributor and grow into broader leadership, including people's leadership, as the function scales.

Responsibilities

Security Risk Management 
  • Lead threat modeling across products, infrastructure, and new initiatives, identifying and prioritizing risks, attack surfaces, and vulnerabilities. 
  • Conduct security risk assessments and translate findings into pragmatic, risk-based remediation prioritized by impact and blast radius.
  • Run security design and architecture reviews, partnering with Engineering and DevOps to reduce risk through secure design and simplicity, not just added controls.
  •  
    Governance, Risk & Compliance 
  • Partner on customer due-diligence (DDQ) and SOC 2 Type II evidence gathering, keeping compliance sustainable rather than fire-drilled.
  • Build repeatable security workflows that embed controls into existing engineering processes instead of creating parallel ones.
  • Develop and maintain clear, role-relevant security policies, standards, and procedures, and drive consensus without direct authority.
  •  
    Security Controls and Technical Program Execution 
  • Understand and implement controls for supply-chain risk and vulnerability management, including CI/CD enforcement and dependency hygiene, and build vulnerability triage workflows that score real risk by exploitability, reachability, and compensating controls rather than raw CVSS.
  • Harden and secure our cloud environment (Azure), partnering with platform engineering on secure configuration, reviewing and remediating vulnerabilities, identity and network controls, posture management, and logging and detection. 
  • Strengthen endpoint and identity controls across a global, remote workforce: least privilege, phishing-resistant MFA, and privileged access controls.
  • Support detection and response, partnering with our DFIR and MDR relationships and helping mature toward a proactive posture.
  • Address AI security risks (prompt injection, data poisoning, model and agent governance) and help keep AI controls ahead of adoption.
  •  
    Cross-functional Leadership and Program Ownership 
  • Take ownership of large, loosely defined initiatives and drive them from problem framing to operationalized program.
  • Work closely with senior leadership across the firm, bringing structure to ambiguity and sequencing work against risk.
  •  Surface risk early, challenge assumptions, and communicate clearly to both technical teams and senior stakeholders.
  • Qualifications

  • Have 6+ years of hands-on security experience, with real depth in security risk management: threat modeling, risk assessments, and security design and architecture review.
  • Have run governance, risk, and compliance work in practice, including audit and customer due-diligence support (SOC 2 or similar), and made it operational rather than just documented.
  • Have thrived in a startup or other small, fast-paced environment, owning large, ambiguous initiatives end-to-end with little scaffolding and shipping them.
  •  Have working breadth across the control landscape: cloud security, supply-chain and vulnerability management, endpoint and identity, and detection and response.
  • Are genuinely technical: comfortable in cloud environments (Azure preferred), CI/CD, and at least one scripting language (e.g. Python, Bash, PowerShell), so your controls hold up in engineering reality.
  • Lead with empathy and influence, and distill complex security concepts into clear, actionable guidance for technical and non-technical audiences alike.
  • Thrive navigating ambiguity and make sound, risk-based calls with incomplete information.
  • Work effectively in a remote-first setup: most of the team is remote, with a small London in-office presence, so you communicate crisply and operate well asynchronously.
  • Navigate an organization to get things done you know who to pull in for information or alignment, and you drive that alignment without formal authority.
  • Nice to have

  • Have banking, fintech, or other regulated industry experience.
  • Use AI tooling fluently in your own day-to-day work and are eager to integrate it into security workflows as a force multiplier. 
  • Have a bias toward automating repeatable security work — scripting, tooling, and process — to scale your impact.
  • Be familiar with AI and agentic security risks (prompt injection, data poisoning, model and agent governance).
  • Have experience mapping security frameworks (NIST CSF, ISO 27001, OWASP, NIST AI RMF).
  • Have hands-on exposure to detection and response, red-team, or pen-test work.
  • Have experience with our stack: Azure / Entra ID, GitHub Enterprise Cloud (GHAS, Actions, Dependabot), Sentinel, Zscaler, Intune, Vanta, and the Atlassian suite.
  • Hold relevant certifications (e.g. CISSP, CRISC, OSCP) — valued but not required.
  • Our Values

  • We innovate with purpose  
  • We focus on outcomes vs. output  
  • We believe diverse and inclusive teams fuel innovation  
  • We are humble yet candid  
  • We do right by the customer 
  • What We Offer

    • Equity 

    • Unlimited PTO (28 days including bank holidays + unlimited additional paid leave) 

    • Comprehensive benefits program managed by Globalization Partners 

    • Premium life and income protection 

    • Top private medical and dental insurance 

    • Employee Assistance Program (EAP) 

    • Pension contributions 

    • Hybrid work environment (initially remote until office setup is complete) 

    • Education reimbursement 

    • Continuous learning opportunities 

    • Employee referral bonus 

    • Parental leave 


    CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer. 
    Ready to apply to Cmgx?
    Apply to Cmgx

    Similar jobs

    Sign up for suggestions tailored to the jobs you open and the searches you save.

    More jobs at Cmgx

    See all jobs at Cmgx →

    Apply now
    🤖

    Whoa — hold up

    JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

    Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

    Catch your next role the second it’s posted.

    Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

    Create free account

    Free forever · takes 30 seconds · already have one?

    Get an edge on your job hunt.

    Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

    Join the channel — it's free