Information Security Officer

Social network you want to login/join with:

MUST HAVE PREVIOUS BANKING EXPERIENCE TO BE CONSIDERED

The Information Security Officer works within the Information Security Office of the Bank to ensure all information and cyber risks are identified, analysed, mitigated, and monitored, ensuring the smooth operation of the Bank. Where improvements are needed, the ISO will contribute to the Information/Cyber Security Strategy and Roadmap, enabling both defence-in-depth and, where appropriate, defence-in-breadth to safeguard normal banking operations.

The ISO will collaborate closely with Security Engineering, Security Operations, and Business Resilience Teams across the bank.

The ISO addresses external attacks, mitigates zero-day vulnerabilities, and identifies security operating flaws. It ensures that Executive Management's risk targets are met and contributes to the continual improvement of the Bank's Cyber Assurance Framework, enhancing the control measures that defend the Bank.

• Collaborate with Information Security Engineering and Operations Teams to integrate security measures into business processes.
• Advise business units on security-related issues and initiatives.
• Oversee Second Line project activities to evaluate information security risks for new projects, products, systems, and other significant changes within the bank.
• Supervise the resolution of risks and issues identified during audits or external assessments.
• Develop, review, and maintain information security governance documents, including policies, standards, frameworks, and procedures.
• Create and deliver Information/Cyber Security Awareness training, educating NBKI staff on best practices.
• Maintain comprehensive records and documentation of ISO activities.
• Provide regular updates and reports to the Information Security Management System (ISMS) governance committee.
• Manage internal and external information security requirements, liaising with relevant parties.
• Support the ISO in annual budgeting and planning.
• Participate in Cyber Incident Response as part of the ISO Team.
• Coordinate with vendors to evaluate new technologies and lead Proof of Concept evaluations as needed.

Evaluate, recommend, and implement cloud security controls in line with emerging technologies and practices across group entities.

• Experience in Information Assurance and/or working within a highly regulated UK sector for at least five years.
• Relevant Information Security qualification (degree, CISSP, or CISM) obtained or in progress.
• Strong technical acumen with broad knowledge across Information/Cyber Security, Software Development, and IT systems.
• Working knowledge of NIST CSF.
• Willingness to learn and expand skills in both Information Security and Financial Services.
• Ability to work autonomously and flexibly within a team, contributing to an improved Bank security posture.
• Analytical skills to interpret data and provide insights into threats facing the bank.
• Awareness of common Cyber Incidents and Security breaches (OWASP).
• Knowledge or experience in SOC2, ISO 27001, PCI DSS, and GDPR.
• Previous experience working within an organisation's Cyber Incident Response function.

Hands-on experience with Information Security tools.

Please contact me if you would like to discuss the role. [emailprotected] or 0207 337 0045