Lead Information & Cyber Security Specialist - Data Security

Lead Information & Cyber Security Specialist - Data Security

Team IT, IT & Change

Location Holborn Office

County Central London

Ref # 23987

Closing Date 14-Dec-2025

At Metro Bank, we believe the best banking experience starts with people who genuinely care. We're not just delivering banking services - we're building trust through authentic connections. Here, our people come first; our colleagues are part of a team that values individuality, collaboration, and long-standing relationships. We are also all about balance so most of our jobs offer the opportunity for hybrid working built around your role and home life, wherever possible.

• As the Lead Information and Cyber Security Specialist you will provide, information security support and oversight service to change initiatives at a variety of scales across the Bank. You will ensure that Information Security risk is managed in accordance with the Bank's Risk Management and Information Security policy frameworks, to inform and direct both tactical and strategic decision making.
• Collaborate with various first line of defence teams to ensure alignment of technology controls to relevant information security standards.
• Support and challenge Information Security control design across IT and the wider business to be as efficient and effective as possible given the dynamic nature of risk and threat within the banking industry.
• Ensure transparency in Information Security decisions made across all programmes and projects that you are supporting.
• Support a varied and demanding programme of bank‑wide change working with project teams to advise and guide on information security best practice. You will help ensure that final outputs comply with external best practice, regulation and internal governance, whilst balancing the specific delivery needs and challenges of the project.
• Identify security testing requirements, collaborate with appropriate stakeholders to scope these tests and to ensure that the business risk associated with any issues identified is incorporated into project risk management and treated in accordance with the Bank's risk management policies and processes.
• Information Security management reporting, specifically within the change and project environment.
• When required, deputise for the Head of Information Security Change.

And... we are a bank so risk is a part of everything we do. We love people who take responsibility, do the right thing for customers, colleagues and Metro Bank and have the ability to call out any concerns.

• You must have a strong understanding of information security within the project management lifecycle, alongside a solid working knowledge of enterprise technology.
• You must have a strong risk management background and experience in conducting security risk assessments on projects and developing security controls.
• Specific experience in secure design, build and control methodologies aligned to relevant security standards, e.g. ISO27001, PCI DSS, NIST.
• Demonstrable experience of Agile, DevSecOps, Cloud, containerization, microservices and similar technologies is desirable.
• Excellent stakeholder management skills with the ability to distil complex conversations into information that can be consumed by a non-technical audience to make decisions.
• You are able to critically assess regulatory risks applicable to systems and projects within the financial industry against the wider business and information security risks.
• Understand the risks associated with your job and what that means for you, Metro Bank and all our stakeholders.

• We will make sure that you are well-rewarded by providing you with a competitive salary, discretionary annual bonus, and a wide range of benefits, including generous holiday allowance, attractive pension scheme, healthcare, life assurance, and a number of colleague discounts!
• We will give you the training to ensure you succeed in your role and plenty of internal opportunities to progress your career (around 40% of our recruitment comes from internal promotions!).

Diverse teams really are the best teams. We know that candidates (especially women, research tells us) may be put off applying for a job unless they can tick every box. We also know that 'normal' office hours aren't always doable, and while we can't accommodate every flexible working request we are happy to be asked. So if you are excited about working with us and think you can do much of what we are looking for but aren't sure if you are 100% there yet... why not give it a whirl? Please note that sometimes we may close a job earlier for applications if we are inundated with amazing candidates.. Good luck!