Information Security Analyst - Third Party Assurance

Starling is the UK's first and leading digital bank, built to fix banking with technology that helps people save, spend and manage their money. We are a fully licensed UK bank with the culture of a fast-moving, disruptive tech company and a team of over 3,000 people across London, Southampton, Cardiff and Manchester.

Our technologists work in a fast-paced environment focused on building and innovating with cutting-edge fintech. We operate a flat structure to empower decision-making and encourage collaboration, with support across the business. Our values are Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness.

Hybrid Working

We have a Hybrid approach. We prefer you to be located within a commutable distance to an office so we can interact in person. In Technology, you are expected to attend the office a minimum of 1 day per week.

We are growing and our cyber security team is looking for someone passionate about making a difference. As an Information Security Analyst, you will help protect Starling information, assets and systems using current technologies and techniques, while collaborating with stakeholders across the business, including second and third line.

You will work on a variety of projects and activities with opportunities to own deliverables from start to finish and gain exposure to a broad range of security domains and best practices.

• Participating in and supporting the design, implementation and continuous improvement of security solutions and processes aligned to Starling's strategy, industry best practice, and risk appetite.
• Supporting the continuous development of security resilience capabilities, embedding measures to protect Bank systems and assets.
• Sharing knowledge, advice, and guidance with the wider organisation.

• Have at least 1 year of experience in a relevant Information Security Analyst, or similar, role.
• Competent technical IT knowledge including a high-level understanding of network and operating system security and resiliency controls.
• Identify where third-party vendors may fall short of security best practices and communicate why this may introduce risks.
• Ability to articulate security risks to both technical and non-technical stakeholders.
• Knowledge of basic risk management.
• Attention to detail and willingness to get involved.
• Enjoy problem solving and be self-motivated to learn and develop skills.

• Understanding of security in a cloud environment (AWS, GCP).
• Information or cyber security qualification or degree.
• Strong understanding of business continuity and disaster recovery.
• Strong understanding of industry standards and frameworks such as ISO 27001, SOC 2, NIST CSF and PCI-DSS.
• Knowledge of AI / Large Language Models risks and mitigations.
• Secure system and software development lifecycle knowledge.

Interviews are a two-way process. They are conversational and you should come with questions. Expect a series of stages as follows:

• First stage with the Third Party Infosec Team Lead
• Second stage with additional team members
• Final stage with the Infosec Director

• 33 days holiday (including public holidays, with flexible timing).
• Extra day’s holiday for your birthday.
• Annual leave increases with length of service; option to buy or sell up to five extra days.
• 16 hours paid volunteering time per year.
• Salary sacrifice, company-enhanced pension; life insurance at 4x salary and group income protection.
• Private Medical Insurance with VitalityHealth, mental health support and cancer care; partner discounts.
• Generous family-friendly policies and a refer-a-friend scheme.
• Perkbox membership for retail discounts and wellness benefits.
• Access to initiatives like Cycle to Work, salary-sacrificed gym partnerships and EV leasing.

You may not tick every box. If you’re excited to work with us, we’d love to hear from you. We’re on a mission to reshape banking and welcome people from diverse backgrounds and experiences who enjoy solving problems.

Starling Bank is an equal opportunity employer. We are committed to diversity and inclusion in the workplace.

When you provide information, you consent to data processing under our Privacy Notice. By submitting your application, you agree that Starling Bank will collect your personal data for recruiting and related purposes.