Head of Information, Cyber & Physical Security Risk​ Specialist

End date

Wednesday 01 May 2024

Salary range

We support agile working

Click here for more information on agile working options.

Agile Working Options

Job Share; Hybrid Working

Job description

What will you be doing?

• Leads a diverse team of risk specialists, coaching and inspiring them to drive optimal risk outcomes for our customers, in collaboration with a wider team of risk and control experts
• Owns an effective policy and suite of control objectives to manage this risk type effectively across the Group. Owns the policy with complete traceability back to legal and regulatory requirements.
• Manages relationships with risk and control owners acting as primary Operational Risk specialist business partner, utilising their team to help deliver against customer, business and strategic outcomes.
• Takes responsibility for design and implementation of risk policies and appetite to enable the Group to meet regulatory and operational risk objectives, providing consistent, fair outcomes for customers.
• Leads continuous review and enhancement of risk policies & appetite through the identification & assessment of emerging & growing risks, ensure policies and appetite reflect new opportunities or threats.
• Establishes continuous monitoring and reporting of the Group's exposure relative to risk appetite, highlighting any significant deviations. Identifies and develops key risk indicators and key performance indicators to enable appropriate monitoring.
• Develops effective, ongoing data-led Operational Risk control objectives to meet the needs or risk and control owners, control specialist teams, Audit and external regulators.
• Supports control owners and specialists to implement control measures that are designed to achieve the control objectives, including advising on optimal implementations where appropriate. Regularly monitors and validates the effectiveness of the design of control measures to ensure they are achieving the control objectives.
• Leads the development and implementation of a risk and control oversight plan to assess compliance to relevant laws, regulations, industry standards and established controls.
• Interprets new operational risk regulation and emerging technology opportunities and threats accurately and adeptly. Forethinking the direction of travel and anticipating the impact of the proposed changes on the Group.
• Drives automation of risk and control measurement, monitoring, and reporting, in coordination with technology, data, and analytics teams, raising and defining action plans in pursuit of sustainable risk management.
• Innovates, ensuring we're future fit: build scenarios for different approaches to risk management and strategies for controls that tackle emerging and horizon risks, with clear options and recommendations.
• Provides pragmatic advice to support informed key risk decisions and trade-offs (balancing commerciality and risk appetite), being bold to ‘call it', and influence senior decision makers.

What will you need to bring?

• Detailed knowledge of the key security risks facing a financial services group, with a proven ability to assess and manage security risk and threats (e.g. using ISMS, MITRE ATT&CK, PASTA/STRIDE/DREAD frameworks and methodologies), set policy and manage compliance, design controls, provide assurance oversight and challenge, and offer advice balancing risk and reward.
• Experienced in the domains of information, cyber and physical security, with applied knowledge across key elements including identity and access management, data security, threat and vulnerability management, security architecture and design, security engineering and application development (inc. devsecops), cloud services and shared responsibility models (inc. native and microservices architecture), infrastructure security, people security, cryptography, security operations, and physical and environmental security. Demonstrable curiosity and understanding of the emerging technologies shaping the risk landscape (inc. AI, Digital Ledger Technology, Quantum).
• Considered a deep subject matter expert with a strong depth of understanding of the latest Operational Risk frameworks and technology being used across financial and non-financial services to enable them to lead a specialist risk centre of excellence.
• Experience of developing and owning group-level policy and setting risk-appetite, with expertise in continuous monitoring and reporting on group exposure. Able to set control objectives and set performance indicators.
• Demonstrates good and timely decision making that keeps the organisation moving forward and skilfully balances difficult trade-offs with the ability to understand business strategy and opportunity risks. Has examples where they have assimilated different sources of data and complex information to effectively problem solve and make relevant conclusions and recommendations.
• Demonstrates ability to interpret new operational risk regulation, emerging risks and technology innovations with forethinking to anticipate the impact of changes on the Group and act accordingly.
• Has acted as a Risk Specialist business partner, using strong communication skills to build partnerships and work collaboratively with others, including Risk Owner, Control Owner and Control Office to meet shared objectives.
• Able to work effectively with all other lines of defence and understands the different but complimentary roles. Seen as the primary Operational Risk specialist and expert across the Group to help deliver against aligned customer, business and strategic outcomes.
• Has examples of building effective, ongoing data-led Operational Risk control objectives working with others, including external regulators.
• Inspires others by gaining followership and commitment to future action through personal integrity and collaboration; demonstrating an inclusive approach. Coaches to go faster by demonstrating commitment to create an environment that builds teams with skills aligned to our Group Strategy and Purpose creating new and better ways for the organisation to change at pace.

What's in it for you?

You'll have both opportunity and profile - we'll provide you with a diverse, energising and lively environment that focuses on equal opportunity and real career progression in a leading digital organisation. We'll take your personal and professional development very seriously and enable you to make a genuine difference to millions throughout your career with us.

We also offer a wide-ranging benefits package, which includes:

• A generous pension contribution of up to 15%
• An annual performance-related bonus
• Share schemes including free shares
• Benefits you can adapt to your lifestyle, such as discounted shopping
• 30 days' holiday, with bank holidays on top
• A range of wellbeing initiatives and generous parental leave policies

Our focus is to ensure we're inclusive every day, building an organisation that reflects modern society and celebrates diversity in all its forms. We want our people to feel that they belong and can be their best, regardless of background, identity or culture. We were one of the first major organisations to set goals on diversity in senior roles, create a menopause health package, and a dedicated Working with Cancer initiative. And it's why we especially welcome applications from under-represented groups.

We're disability confident. So if you'd like reasonable adjustments to be made to our recruitment processes, just let us know.

So if you have a desire to work in an ambitious role in a dynamic environment, whilst gaining skills and experience within a friendly and motivated team then get in touch, we'd love to hear from you.