Information Security Executive

The Information Security Executive will be responsible for managing day-to-day information and cyber security activities, ensuring the bank's systems, data, and networks remain secure and compliant. This role requires a proactive, analytical professional with a strong understanding of security methodologies, infrastructure, and operations. Knowledge of AWS cloud environments is desirable.

• Monitor security events, anomalies, and alerts across the organization, reporting findings to relevant teams
• Act as the primary point of contact and participate in information security incidents and breaches, coordinating responses following established incident management protocols
• Support regulatory and stakeholder incident and breach notifications, including material incident assessments
• Assist in identifying, assessing, and mitigating security vulnerabilities, threats, and weaknesses
• Maintain security records, dashboards, and reports to provide insight into the organization's security posture

• Implement, manage, and monitor technical and procedural security controls to protect the bank's data, systems, and networks:
• Network and application security
• Identity and access management
• Cloud security controls (particularly AWS)
• Data privacy and protection
• Logging and monitoring
• Assist in conducting vulnerability assessments, penetration testing, and risk evaluations:
• Review of vulnerability scans and penetration testing results
• Assessment of risk severity and business impact
• Tracking and validation of remediation actions
• Provide security inputs, engage in technical reviews and remediation actions in new products, change initiatives, and technology projects, including cloud and third-party solutions
• Support compliance with relevant regulations, standards and frameworks (e.g., ISO27001, PCI-DSS, NIST, SWIFT CSP, FCA/PRA expectations)
• Stay informed on emerging security threats, breaches, and industry best practices, providing recommendations for remediation and enhancements
• Ensure proper controls are in place to maintain the confidentiality, integrity, and availability of information

• Assist in risk assessments to identify, evaluate, and prioritize controls to mitigate information security risks. Support the documentation and tracking of technical risk treatment plans and remediation actions
• Propose and document technical and procedural controls to secure internal, external, and public network information flows
• Support both internal and external audits, providing detailed security input for regulatory, scheme, and payment system reviews
• Evaluate the adequacy and effectiveness of security policies, processes, and controls, advising on risk mitigation measures
• Provide expert guidance on compliance with information security regulations, including event resolution and breach notifications

• Liaise with internal teams, peers, and third parties to ensure security measures are aligned and effective
• Contribute to internal committees on information security risks and emerging issues

• Academic qualification or equivalent certifications in information or cyber security
• Strong analytical skills and understanding of cybersecurity methodologies
• Practical experience with security operations, monitoring, and incident management
• Understanding and knowledge of threat intelligence and related activities
• Understanding and knowledge of security technologies such as Firewalls, SIEM, IAM, DLP, PAM, AV/AM, etc. is essential
• Knowledge of ISO27001 or relevant security frameworks is desirable
• Knowledge of AWS cloud security and cloud-native security practices is desirable
• Knowledge in technical risk assessments, vulnerability management
• Understanding of regulatory requirements is desirable
• Excellent communication skills with the ability to collaborate across technical and non-technical teams
• Ability to respond confidently and effectively to security incidents

• Competitive salary (depending on skills, knowledge and experience)
• 25 days annual leave entitlement plus 8 bank holidays
• Performance-based bonus aligned to individual and organisational objectives
• Pension scheme with employer contribution
• Private medical insurance to support your health and wellbeing
• Hybrid working flexibility, supporting a balance between office collaboration and remote work
• Supportive and collaborative working environment within a growing financial services organisation
• Opportunities for professional development and career progression in information security and cyber resilience