PRIMARY OBJECTIVES

The primary focus of this role is to oversee cyber and information security measures within the bank. Daily responsibilities include actively monitoring security systems, promptly identifying potential vulnerabilities, and taking remedial actions to uphold the bank's security standards.

The ideal candidate will possess a sharp analytical mindset and a comprehensive understanding of cyber security practices. Familiarity with security infrastructure and operations, along with experience in AWS, is advantageous.

Key duties encompass:

• Planning, implementing, managing, and overseeing security measures to safeguard the bank's data, systems, and network.
• Identifying, evaluating, reporting, and monitoring cyber security incidents and breaches.
• Conducting routine security assessments, vulnerability scans, and assurance reviews to detect and address potential weaknesses, vulnerabilities, and threats.
• Staying abreast of the latest security threat intelligence, data breaches, and recommending appropriate remediation strategies, industry best practices, and protocols.
• Ensuring the organization's data and infrastructure remain secure by implementing necessary security controls.
• Reporting any security-related anomalies to relevant departments and stakeholders.
• Serving as the primary contact for all information security alerts and breaches, and coordinating responses through incident management procedures.
• Performing daily administrative tasks, generating reports, and maintaining communication with relevant departments within the organization.
• Documenting security controls, maintaining security dashboards, and compiling reports to track security measures effectively.

General duties:

• Assist in conducting risk assessments to identify, evaluate, justify, and prioritize controls aimed at preserving the confidentiality, integrity, and availability of information.
• Propose and document technical and procedural controls to safeguard information flows across internal, external, and public networks.
• Collaborate and engage with peers and other technical stakeholders within the organization as well as third parties.
• Participate in the change management process to ensure security considerations are adequately addressed.
• Aid in the development, maintenance, and execution of incident response activities and procedures to mitigate the impact of security incidents.
• Support both internal and external auditors by providing detailed information and cyber security insights for reviews and attestations conducted by regulators, payment schemes, and payment systems governing bodies.
• Evaluate the adequacy and effectiveness of information protection policies, procedures, processes, systems, and internal controls across the Bank to manage information security risks. Demonstrate agility and confidence in responding to and managing incidents.
• Offer expert guidance on all aspects of the Bank's compliance with information security regulations, including event resolution and breach notifications.
• Provide input to relevant internal committees regarding information security risks and concerns.

Requirements

Education and Training:

• Bachelor's degree in computer science, cyber security or equivalent is desired.
• Relevant and specialized certifications in cybersecurity is desired
• Technology-centric training and certification is an advantage

Experience and Skills:

• The role is for fresh/graduate, candidates with experience can apply.
• Should possess knowledge of security technologies and tools such as firewalls, intrusion detection/prevention systems, security information and event management (SIEM), anti-malware and related solutions.
• Strong analytical skills to determine, evaluate and provide solutions to address security events
• Knowledge of threat intelligence / hunting processes and related activities
• Knowledge of IAM, PAM solutions desired
• Knowledge and skills to carry out security assessments such as application penetration testing, vulnerability assessments is preferred
• Knowledge of cyber incident management, processes and frameworks desired
• Understanding of banking and payment systems and security is an advantage
• Knowledge of UK's banking regulatory and payment schemes, such as CHAPS, Faster Payments is desired
• Knowledge of information security and compliance frameworks, such as ISO27001, NIST CSF and PCI-DSS is an advantage
• Excellent verbal and written communications skills, strong interpersonal skills, with the ability to engage with a range of senior stakeholders both internal and external
• Committed to continuous learning and development

Benefits

• 25 days annual leave entitlement
• Pension scheme, 4% employer contribution
• Private Medical Insurance
• 60-40 Hybrid working after successful probation period