We're at our best when we have something to drive us forward, a belief that underlines who we are and what we do. Our Purpose. We want to make people happier about money - and that idea starts with every single one of us. Feeling Insatiably Curious about your next adventure? You might have just found it.
Maintaining the security of our customer and bank systems and data is crucial to making everyone happier about money, and the Chief Information Security & Resilience Office team are at the heart of this. This is a multifaceted role as the team are involved in a range of projects and change programmes, including solutions created internally by the Group, externally by third parties and those hosted in the Cloud.
Reporting to the Cyber Projects Team Manager you will work in a fast-paced, energetic environment to solve difficult business challenges whilst maintaining the Bank's security posture. As a Security Consultant, you will provide a specialist Cyber security service by performing third party security reviews on new-to-bank suppliers, which will range from well-established IT firms to fledgling Fin-techs. You will provide advice to projects, change initiatives and Senior Management across the Group that are building customer and internal solutions. As a consultant you will provide advice and guidance to skillfully balance the customer and user experience with Cyber security risks to ensure that solutions remain within the Group's risk appetite.
Day to day you will…
- Conduct robust assessments of proposed third party services or software to ensure that security risks are identified and appropriately mitigated or managed within the Group's risk appetite.
- Report your findings and define recommendations to remediate any control gaps identified through the course of the review.
- Develop Information Security focussed questions for the initial RFI / RFP process (based on the type of service being provided).
- Provide an information security opinion on each proposal, ensuring the key risks are identified and articulated to the project.
- Prepare the security element of the contract, and work with Legal Services in tailoring the contract as required to address any findings / risks identified during the security review.
- Provide advice and guidance to Legal/Procurement on the content of the security provisions when the contract is being drafted or produced by the supplier.
- Manage a number of varied stakeholders involved in on-boarding new suppliers to the Bank e.g. CISRO, Procurement, Legal and Project Manager.
- Develop and build relationships internally and externally with key business and technical stakeholders, central functions and key third parties and supplier contacts supporting onboarding.
- Ensure that security requirements and controls are implemented by working closely with Design, Build and Test resources, as well as Business Stakeholders and suppliers.
- Represent the Cyber Projects team at Programme/Workstream level Design Authorities and Workstream daily stand ups providing security advice in relation to the solution/s being proposed.
- Drive compliance with Information Security Standards, as well as Legal, Regulatory and Scheme security requirements.
- Ensure that relevant security risks are identified and articulated to a high standard for review in line with risk appetite.
- Design security tests to a granular level and work closely with the business to manage any remedial activity.
- Take difficult business issues and create win-win outcomes for Security and the Business.
To be brilliant you will bring…
- Extensive knowledge and understanding of the security related technical controls which prevent / mitigate Cyber Security risks.
- Working knowledge and demonstrable experience of information security related policy, standards and methodologies and associated information security legislation and scheme standards, particularly the ISO27001 Framework.
- Understanding of the attack vectors, methods and actors in relation to Cyber security.
- Strong analytical skills and the ability to work across a wide variety of frameworks and models.
- The ability to identify and communicate risk at the Enterprise level.
- Superb stakeholder management & influencing skills across a broad range of technical and non-technical stakeholders and all levels within the Group.
- Great presentation, oral and written communication skills with an ability to convey complex technical concepts and issues to non-technical colleagues.
We would love it if you had…
- A creative and curious mind
- Formal Cyber security accreditations
- Knowledge of current information security standards and regulations such as PCI-DSS, ISO27000 series, GDPR, PSD2