
Information Security Assurance Officer

Cumberland Building Society

Carlisle

Hybrid

GBP 40,000 - 55,000

Full time

Yesterday

Job summary

Cumberland Building Society is seeking an Information Security Assurance Officer to support and enhance their Information Security Management System. The role involves ensuring compliance with security standards and providing advice on security controls. Ideal candidates will have extensive knowledge in information security practices, particularly in regulated environments, and relevant certifications. The position supports hybrid working, combining remote and on-site responsibilities, and offers a competitive salary and benefits.

Benefits

Competitive salary
25 days holiday plus public holidays
Learning and Development opportunities
Hybrid Working
Health and Wellbeing programs
Community Day

Qualifications

  • Strong background in Information Security, preferably in Financial Services.
  • Experience with ISO27001 audits and NIST frameworks.
  • Formal qualifications like CISM or equivalent experience.

Responsibilities

  • Ensure information security management system compliance.
  • Engage with projects to embed security controls.
  • Perform assurance reviews and manage risks.

Skills

Compliance knowledge
Communication skills
Risk management
Analytical skills
Interpersonal skills

Education

CISM certification
ISO27001 Lead Auditor

Job description

Working at the Cumberland, you become part of something special. We’re a Mutual organisation, committed to improving the lives of our colleagues, customers, and community. Our values are incredibly important to us.

We’re on an exciting transformational journey with our people firmly at the forefront of our plans. If you want to work for a team integral in helping to drive cultural change, a team where you can bring your whole self to work bringing your energy and creativity to make a positive difference, then this is the job for you.

As our Information Security Assurance Officer, you'll be responsible for assisting in the oversight and control of all aspects of the Information Security Management System, ensuring controls and reviews are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals. This covers Risk Management, External Assurance, Supplier Management, Training and Awareness, Policy Management.

You’ll also play a pivotal role in providing subject matter expertise to projects to ensure they have security controls included by design.

You’ll have depth of knowledge in information security, with an excellent understanding of the technical side, having very good experience of compliance such as ISO27001, NIST, CBEST & CQUEST requirements.

The Benefits

  • Competitive salary – depending on skills and experience.
  • Holidays - 25 days holiday plus public holidays and the opportunity to buy and sell up to 2 days.
  • Learning and Development opportunities - We want you to grow in your role. We’ll work together to support your personal and professional development.
  • Hybrid Working - the tools and equipment you need to be able to work from home when you need to, depending on your role.
  • Health and Wellbeing - a calendar of events and activities throughout the year, Mental Health & Wellbeing champions, and Cycle to Work scheme.
  • Community Day - We offer our people an extra paid day off every year to help local charities and community organisations.

The Role

Main Responsibilities Include

  • Engagement with projects to provide advice, guidance and non-functional requirements to ensure security is being built in by design.
  • Support and execute all group-wide Assurance tasks, initiatives and assignments, including monitoring the assurance inbox and responding to queries.
  • Assist in the ongoing program of information security assurance covering all aspects of ISO27001 and the controls set out in the Society.
  • Support the management of the Information Security Management System on behalf of the Society and ensure compliance with its components.
  • Support the Information Security Assurance Manager in working with information security operations to maintain acceptable levels of control and risk throughout the Society.
  • Carry out assurance reviews in line with the schedules calendar, producing reports, feedback and managing actions/non-conformities through to satisfactory conclusion.
  • To assist in the maintenance of the Information Security (COO) Risks and Controls register and work closely with other information security colleagues and carry out actions to mitigate the risks identified.
  • To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the Society’s assets and data.
  • Support in phishing campaigns and the management of the outcomes and necessary training.
  • Identify risks and ensure these are presented in accordance with procedures and are given the appropriate level of attention.
  • Conducting third party supplier reviews.
  • Work closely with key stakeholders including Risk, Audit, Technology and Information Security Operations to assist and provide input to ensure that Society policies and procedures for Information/Cyber Security Operations are effective and adhered to. To be proactive in making recommendations for updates to policies and procedures as required.

All potential candidates should read through the following details of this job with care before making an application.

About You

You’ll have strong, demonstrable experience in an Information Security role, ideally within a Financial Services led environment or equivalent highly regulated industry. You’ll ideally have a formal qualification in an Information Security discipline, e.g. CISM or equivalent significant experience, as well as experience of ISO27001 audits, NIST audits or similar, ideally being a Certified ISMS Lead Auditor (CIS LA).

In Addition To This We’d Love To See

  • A strong technical understanding and background
  • Full UK driving licence
  • Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level.
  • Ability to work with autonomy, flexibility, be organised and able to work under pressure.
  • Strong relationship management and influencing skills.
  • Attention to detail to ensure accurate assessment and management of risk.
  • Strong analytical skillset.
  • A good level of understanding of general IT security concepts and principles.
  • Ability to effectively prioritise situations requiring urgent attention.
  • Ability to work as a team and on own initiative to think ‘outside of the box’ and go the extra mile.
  • Proactive and self-motivated, with the proven ability to drive results and provide excellent customer service to all levels of the organisation.
  • High level of motivation to see success delivered through own personal efforts and those around them.

About Us

We’re here to create a banking experience that’s kinder to people and planet.

Unlike banks, we don’t have public or private shareholders which means we can invest 100% of our profits back into our business. As a result, our business is purpose-led, financially strong, socially responsible and always focused on our people, planet and communities.

Recently we were presented with a Highly Commended award in the Financial Services Company of the year category at the British HR Awards in London. Our entry was recognised for our continued commitment to wellbeing.

Where you will work

Our aim is to keep the great balance we have achieved with hybrid working. The successful candidate would therefore be willing to work remotely and be able to work from Cumberland House as and when required.

The closing date for completed applications is 20th March 2025, however it may be closed earlier if enough applications are received.
