Cyber Security Manager
Join us and play a vital role in protecting the integrity of our assets and payments platform by overseeing critical operational cyber security activities.
What is our mission?
Orbital is on an exciting mission to revolutionise global cross-border payments by innovatively combining traditional fiat banking rails with stablecoins over blockchain rails for a variety of use cases. Our class-leading B2B payments platform offers multi-currency e-money accounts (corporate IBANs) combined with a suite of digital assets services. Our company sits at the frontier of payments & fintech, at the intersection of blockchain and traditional (fiat) financial services, and is leading the way in bridging those two worlds for corporate enterprises globally.
We believe blockchain technology is firmly here to stay, and we want to be the first to bring a combined offering of fiat & crypto payment services under one exciting platform.
What is the purpose of this role in the delivery of our mission?
The Cyber Security Manager is responsible for ensuring the confidentiality, integrity, and availability of the organisation’s information and assets. This role oversees operational security activities and process assurance to ensure adherence to the company’s information security policies and standards.
The successful candidate will demonstrate a strong focus on security governance, risk management, and compliance. They will work collaboratively with cross-functional teams to identify and assess vulnerabilities, evaluate associated risks, and develop effective preventive and mitigating controls. This role requires a proactive approach to strengthening the organisation’s security posture through continuous improvement, clear communication, and the effective implementation of security best practices.
What are the key responsibilities / activities of the role?
Provide day‐to‐day guidance on cyber security, ICT risk, and operational resilience matters across the organisation.
Lead the development, implementation and continuous improvement of the organisation’s cyber security and ICT risk management framework.
Conduct regular cyber and ICT risk assessments to identify vulnerabilities, threats, and resilience gaps, ensuring risks are evaluated and addressed appropriately.
Oversee ICT incident management processes, including classification, escalation, reporting, and post‐incident reviews, ensuring lessons learned are embedded.
Maintain and enhance information security policies, standards and procedures aligned with industry frameworks (e.g., ISO 27001, SOC 2, NIST CSF).
Develop, maintain and test operational resilience capabilities, including Business Continuity Plans (BCP), Disaster Recovery (DR), scenario exercises and service continuity arrangements.
Monitor security tooling, alerts and external intelligence sources to identify emerging risks and recommend proactive mitigations.
Manage ICT and security third‐party risk, including due diligence, oversight, and ongoing assurance of suppliers and critical service providers.
Support internal and external audit activities relating to cyber security, ICT risk and operational resilience.
Lead organisation‐wide security and resilience awareness activities, ensuring staff understand their responsibilities and behave securely.
Work closely with engineering, product and operational teams to embed secure‐by‐design and resilient‐by‐design practices.
Maintain and evolve the organisation’s ISMS to drive continual improvement and maturity uplift.
Liaise with external stakeholders including partners, auditors, regulators and service providers on cyber and resilience‐related matters.
Provide mentorship, leadership and guidance to team members and internal stakeholders involved in security and resilience activities.
What are the essential skills, qualifications and experience required for the role?
Demonstrable expertise with SOC 2, ISO 27001, NIST CSF, CSA CCM and ICT risk frameworks.
Strong understanding of DORA requirements and digital operational resilience principles.
Experience in cyber security governance, ICT risk management, and operational resilience.
Proven experience conducting ICT risk assessments and developing mitigation plans.
Strong track record supporting internal/external audits and regulatory engagements.
Excellent communication and stakeholder‐management skills.
Ability to operate independently and collaboratively in a fast‐paced, international environment.
Proactive, structured, and detail‐oriented working style.
What are the desirable skills, qualifications and experience that would be beneficial for the role?
Experience within financial services, fintech, payments, or digital assets.
Professional certifications (e.g., CISSP, CISM, CRISC).
Experience with operational resilience frameworks (DORA etc.).
Knowledge of cloud security and digital asset security considerations.
Experience in incident response and crisis management exercises.
Involvement with UK‐wide cyber security or resilience bodies and professional groups.
Experience working in a scale‐up or high‐growth environment.
Understanding of secure software development lifecycle (SSDLC) principles.
- Department: Governance
- Role: Security
- Locations: United Kingdom, Estonia, Gibraltar
- Remote status: Hybrid
About Orbital
Combining equal expertise in traditional finance and digital asset treasury solutions, Orbital is a trusted and regulated partner for global financial management.
Until now, multinationals have been forced to choose their finance tools piecemeal. We provide our clients with all they need to run their financial operations from a single interface: multi-currency accounts, custody vaults, international payments and FX supporting 30+ fiat and exotic currencies, and crypto-commerce C2B payments.