NIST Cyber Assurance Analyst

OSB Group

Wolverhampton

On-site

GBP 38,000 - 55,000

Full time

21 days ago

Job summary

A leading mortgage lender in Wolverhampton is seeking an Information Security professional to support their security framework and compliance tasks. The ideal candidate will have experience in risk management and security assessments, with a strong knowledge of IT Security technologies. This role offers a competitive salary between £38,000 and £55,000, along with a range of benefits including a discretionary bonus and generous annual leave.

Benefits

Discretionary annual bonus opportunity
28 days annual leave plus bank holidays
Contributory pension
Life Assurance
Access to Private Medical Insurance
Hybrid working options

Qualifications

  • Experience in an Information Security role within financial services.
  • Strong knowledge of the NIST framework.
  • Experience conducting 3rd party risk assessments.

Responsibilities

  • Support the Vulnerability Management reporting and IT remediation planning.
  • Conduct third party risk management reviews.
  • Assist with implementation of IT security controls.

Skills

Risk management
IT Security technologies
Vulnerability management tools
Security assessments

Education

SANS GIAC Security certifications
ISC2 CISSP

Job description

About Us

OSB Group is a leading specialist mortgage lender, primarily focused on carefully selected segments of the mortgage market. Our specialist lending is supported by our Kent Reliance and Charter Savings Bank retail savings franchises. Diversification of funding is provided by sophisticated securitisation platforms. OSB’s unique cost-efficient operating model is supported by our wholly-owned subsidiary OSBIndia.

What you will be doing

The key purpose of this role is to support the Information Security programme and framework. You will focus on core areas such as risk management, third-party security due-diligence reviews, and ensuring compliance with legal, regulatory and relevant security standards such as ISO 27001, PCI DSS and the UK Data Protection Act / GDPR.

You will also support the security awareness and training activities as defined by an annual schedule of targeted training and testing across the Group.

Responsibilities

  • Support the Vulnerability Management reporting and IT remediation planning
  • Support a pre-defined schedule of work to conduct third party risk management reviews through security questionnaires and on-site security reviews
  • Assist with implementation, monitoring and assurance reviews of IT security controls
  • Maintain information security frameworks, policies, standards and guidelines
  • Implement process improvements and efficiencies as defined by the agreed service improvement plans
  • Assist with the definition and enforcement of configuration standards and policies for security technologies

In return for your commitment

We offer a base salary, dependent on experience, of between £38,000 and £55,000 and a competitive benefits package including:

  • Discretionary annual bonus opportunity of up to 15%
  • 28 days annual leave plus bank holidays
  • Contributory pension (8% employer 5% employee)
  • Life Assurance (4x salary) plus Group Income Protection
  • Access to Private Medical Insurance and Medical Cash Plan
  • Additional benefits such as Hybrid working, Cycle Purchase scheme, Technology Purchase scheme, Season Ticket Loan, Holiday purchase / sell schemes, Employee Perk Portals, Payroll giving and Save as you Earn scheme

Could you be the one?

We are looking for talented individuals who have the experience and knowledge set out below:

  • Previous work experience in an Information Security role within financial services with the following experience:
      • Performing security assessments for IT systems and processes
      • Conducting 3rd party risk assessments
      • Creating a security awareness training programme
      • Use of vulnerability management tools and remediation planning
  • Strong knowledge of IT Security technologies, principles and practices
  • Strong knowledge of the NIST framework
  • Qualifications in or working towards any SANS GIAC Security certifications (Administration, Software, or GSE Expert), ISC2 CISSP, or any security systems vendor administration-level certifications

What to do next

If this sounds like you, please apply now! For internal applications please visit the internal careers page to apply.

If shortlisted from your initial application, we operate a personalised recruitment process. Interviews are a two-way street; we aim for them to be relevant and conversational to get the best out of you!

Equal Opportunities

As part of our public commitment to the Women in Finance Charter, we have introduced our own initiatives to attract, develop and advance senior women in our sector. We don’t stop there, though: we have broadened our approach to encourage diversity and inclusion at all levels and in all roles. Our leadership and Executive Committee are right behind us, to the extent that our Diversity Champions sit at Board level and on a monthly basis receive updates on our progress.

Whilst we are an organisation that values face-to-face interaction to build and nourish our culture, we also acknowledge that people are not just productive in an office and tied to the 9 to 5. Flexible-working opportunities are important for establishing a healthy work-life balance, so if you see a role of interest we are happy to be asked about flexibility and explore together if we can make it work.

All applicants must have rights to work in the UK and be willing to undertake the relevant pre-employment screening checks should your application be successful.
