Head of Cybersecurity

Who We Are

NEXT Ventures is a rapidly scaling global fintech company where ambition takes shape and momentum becomes movement. Headquartered in Bangladesh with operations across Sri Lanka, Malaysia, and Cyprus, we specialize in funded trading platforms, CFD brokerage, and futures trading, empowering over 220,000 daily users from 170+ countries.

Our two core divisions, FundedNext, our flagship and profitable brand, and FNmarkets, a next-generation CFD broker, are built to unlock potential and drive performance. With 500 dedicated professionals across five countries, we are managing complex financial flows, scaling global operations, and laying the groundwork for future fundraising and IPO ambitions.

Join us to help shape financial strategy in a dynamic and high-growth environment where dreamers become doers and performance defines success.

Your Role in Our Mission

As the Head of Cybersecurity, your mission is to architect, operationalize, and continuously evolve a security-first culture that protects our people, platforms, and data while enabling innovation. You will shape the strategy, governance, and execution of end-to-end cybersecurity practices across a high-growth, multi-entity fintech group.

From designing enterprise-wide policies and securing cloud native platforms to leading incident response and ensuring regulatory readiness, you will be the key driver of cyber resilience and trust at the core of our trading and brokerage ecosystem.

This is a high-impact leadership role where your decisions will directly influence business continuity, product delivery velocity, and our long-term credibility as a regulated global fintech player.

How You'll Make an Impact

You will be measured on your ability to establish, operationalize, and continuously improve the following:

• Security Baseline & Visibility: Complete multi-entity asset inventory; risk register; crown-jewel mapping. (KPI- % infra assets inventoried & risk-ranked; % critical apps with data flow diagrams)
• Application Security & VAPT Program: Secure SDLC gates, automated scanning, recurring penetration testing, tracked remediation SLAs. (KPI- High/Critical vuln mean remediation days; % code repos in SAST; # VAPT cycles)
• Security Operations (XDR/SIEM/SOAR): Centralized telemetry, 24x7 alerting/escalation model, threat detection metrics (MTTD/MTTR). Data Protection (DLP + MDM + IAM): Classified data handling, data loss prevention controls, device security enforcement across geos. (KPI- DLP incidents blocked; classification coverage)
• Enterprise Policy Framework: From zero to governed: Access Control, AI/ChatGPT, SaaS Collaboration (ClickUp/Discord/etc.), Secure Dev, Incident Response, Vendor Security, Acceptable Use, more.
• Regulatory & Audit Readiness: Map current controls to ISO 27001 or NIST families; build evidence and close high-risk gaps.

Core Responsibilities

Strategy & Governance

• Develop and own a 3-year global cybersecurity roadmap aligned to business scale and regulatory expectations.
• Establish and chair a cross-country Security Steering Committee (monthly risk review, KPI tracking).
• Build and maintain an enterprise risk register tied to business impact.

Policy Architecture & Rollout

• Author, socialize, and implement baseline global security policies (Access Control, AI & GenAI Use, SaaS Use Standards, Secure Development, Incident Response, Data Classification & DLP, Endpoint & MDM, Vendor Security, Business Continuity Plan and /Disaster Recovery).
• Translate policies into a practically implementable state.

Application Security & VAPT

• Implement secure SDLC practices with engineering & QA (threat modeling, SAST, DAST, SCA, IaC scanning, and secrets scanning).
• Lead recurring VAPT cycles (external, internal, red teaming) across trading portals, APIs, broker integrations, and back-office platforms. Drive remediation with measurable SLAs; report risk trending to execs.

Security Operations/Detection & Response

• Deploy and integrate XDR, SIEM across geographies.
• Centralize log ingestion from firewalls (Palo Alto), cloud, identity providers, trading infra, and collaboration platforms.
• Define alerting use cases, escalation matrix, and 24x7 coverage strategy. Lead incident command during security events; coordinate forensics, comms, and regulatory notifications.

Endpoint, Identity & Data Leak Protection

• Implement & Enforce MDM for corporate and regulated BYOD endpoints.
• Roll out data classification tiers and DLP policies across email, endpoints, cloud storage, and collaboration apps.
• Implement MFA everywhere and least-privilege role design; introduce PAM for high-risk systems (e.g., MT5 Manager API, Payment Orchestration).

Regional Security Alignment

• Conduct remote and onsite assessments; close gaps via country IT leads.
• Harmonize security tooling procurement and licensing across entities for cost efficiency.

Metrics & Reporting

• Publish quarterly Global Security Scorecard (risk heatmap, vuln aging, policy adoption, endpoint coverage, MTTD/MTTR).
• Present actionable insights to Executive Leadership and the Board Risk Committee.

What You Bring

• 6+ years progressive experience in cybersecurity, with 3+ years in a senior/lead role owning org-wide or multi-site security programs.
• Hands-on experience leading Vulnerability Assessment & Penetration Testing (VAPT) and driving remediation with engineering teams.
• Production experience implementing or operating XDR/EDR + SIEM (e.g., Cortex XDR, CrowdStrike, Microsoft Defender, Splunk, Elastic, Chronicle, etc.).
• Delivered enterprise policies & DLP: Access Control, Acceptable Use, Incident Response, Secure Development, Data Handling, SaaS/Collab Tools Governance.

Your X-Factor

• Driving strategy while staying hands-on with security technologies and operations.
• Leading through influence, collaboration, and evidence-based decision making.
• Aligning security controls with frameworks like ISO 27001, NIST CSF, and CIS, while keeping implementation pragmatic and lightweight.

Why Join NEXT

We offer a competitive salary aligned with industry standards, along with a comprehensive benefits package that includes performance incentives, health coverage, and professional development opportunities.

At NEXT Group, we foster a performance-driven culture that emphasizes agility, excellence and growth within a professional, balanced work environment across our global organization.