Security + Cyber Security
You are responsible for providing independent, effective, and proportionate 'second line' assurance of the design and operation of the Bank's IT platform, and the adequacy and effectiveness of the framework of controls and defences, in order to ensure both its resilience and the adequacy of its cyber defences. You will be responsible for delivery of the related V2MOMs.


This is a key senior leadership role in the 'second line of defence' of the Bank which exists to deliver vital outcomes in the following areas:

1. To assure IT strategy and its implementation

Provide guidance and advice on the Bank's IT Strategy and IT Architecture, and review it from a 'second line' assurance perspective, in order to support the CTO, CISO, the Director Cybersecurity, and the Director IT Operations in the 'first line' who lead its development. The objective is to ensure its resilience, using up-to-date best practice.
Provide assurance over design compliance with relevant standards, including NIST and (in due course) ISO27001
Review governance, policies, procedures, systems, tools and controls for IT operations and cyber security, to ensure their adequacy and effectiveness in protecting the Bank's infrastructure and its data security
Assure new products, tools and systems at design and implementation stage as they are developed by the 'first line' business
Maintain an independent assessment of the Bank's overall maturity and status against the NIST and CQUEST frameworks, and report regularly to senior management
Educate and inform the Bank's Board and EXCO on IT resilience and cyber risk, and promote a team effort on cyber defence across the whole Bank through advice and influence

2. Identify and protect

Provide an independent view of existing and emerging threats and risks to the Bank, and overview the adequacy of cyber threat intelligence activity. Liaise with industry bodies as appropriate to undertake this.
Manage an ongoing programme of 'second line' assurance of IT resilience and cyber security, including independently monitoring and analysing data / MI on IT operations and cyber activity, and the progress of new projects
Undertake thematic reviews of key aspects of the Bank's infrastructure and controls in a regular cycle
Provide assurance of the management control framework, including management of both BAU activities / maintenance, and change management / the introduction of new systems, tools and processes. This will include oversight and assurance of regular testing (such as Pen Testing) and the pre-launch testing of new systems, tools and processes. It will also include assurance of controls over Outsourced Service Providers, including the Security Operations Centre service
Ensure the maintenance of standards and compliance with frameworks including NIST and (in due course) ISO27001
Review and risk assess new systems, processes and change projects at the design stage in close liaison with the 'first line', providing a 'second line' review, and later provide an assurance review at the go-live stage
Deliver independent reports on IT operations and cyber defences to ISMS, ERC, and Board on a monthly and quarterly cycle

3. Respond and recover

Oversee incident response planning and recovery arrangements from a 'second line' perspective, in order to protect the Bank's IT and data assets and the ability to restore operations. Ensure that backup and recovery plans are adequate, and are tested regularly, including a full review of the output
Jointly lead with the CTO on the response to any breaches or Events
Investigate after breaches or Events and make recommendations for avoiding similar vulnerabilities


Energy, pace, and strong work ethic. Able to effectively manage and prioritise a substantial workload ('Momentum')
Commitment to excellence ('10x')
Ability to partner with stakeholders in different parts of the business ('OneTeam')
Strong written and verbal communication skills; able to present technical issues effectively to senior management
Analytical skills, able to analyse complex issues in a methodical and structured way with appropriate attention to detail.
Logical thinking, ability to get to the simplest answer as opposed to a convoluted one, and an approach to risk management which is proportionate ('Challenge & Simplify')
Confidence to be able to challenge the 'first line' business and to apply influencing skills, and to hold fast to risk principles and standards. To do so firmly but not aggressively to achieve a good, co-operative working relationship ('Trusted Partner')


Several years' hands-on experience in cybersecurity, some of which is in the financial services industry in a bank or consultancy
University degree (a computer science or cybersecurity degree is an advantage, but applicants with degrees in other disciplines are welcome to apply)
Solid experience in security monitoring or audit; international exposure is an advantage
Proven knowledge and expertise in business fields such as cybersecurity and IT risk; audit and compliance, with a broad strategic vision across the IT architecture and cyber security landscape
Knowledge of threat analysis
Knowledge of the latest technologies and practices, and of current best practice in IT architecture design, cybersecurity, and data protection
Knowledge of IT and cybersecurity standards and frameworks including NIST and ISO27001

Benefits and Perks:

Equity. We want people to have a stake in the business so that all our interests are aligned
25 days holiday
Personalised benefits - opt-in to what matters to you
Enhanced family leave
Paid volunteering days off
Wellbeing and social events
Barista bar