Starling

Information Security Director

hybrid senior full-time London

First indexed 24 Apr 2026

Description

We're looking for an ambitious information security or cyber specialist to join our team as an Information Security Director. As a key member of our Office of the CISO, you will lead the continuous improvement of our Information Security capabilities and governance. You will be responsible for managing and maintaining the Information Security Policy Framework across Starling Group, establishing and maintaining standards for control implementation procedures, and liaising with external bodies and organisations to keep abreast of emerging trends, technologies, and legislation that have an impact on Information Security.

You will also support security controls assessment and accreditation (e.g. ISO/IEC 27001), manage the input to the Information Security Risk Register and ensure coherence with the Bank's Risk Management framework, act as point of contact for the second and third lines of defense and other stakeholders (e.g. Legal, Regulatory Affairs), and coordinate audit and request response.

In addition, you will manage the creation of Board, committee and regulatory engagement meeting material and communication, establish a framework for and manage the Information Security reporting capability, including regular revision of Key Risk and Performance Indicators, and support the CISO in the yearly Information Security strategy review and roadmap definition.

You will also manage the Information Security related budget, and have previous experience working in a complex IT organisation encompassing service delivery, application development and IT infrastructure.

You will have an understanding of best practice within Information Security and risk management, including standards such as ISO/IEC 27001, NIST, Cyber Essentials and COBIT, and an understanding of legislation and regulations that impact Information Security, e.g. the Data Protection Act and GDPR, DORA, the Freedom of Information Act, and PCI DSS.

You will also have previous experience in leading, developing and motivating a team, and an understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats.

You will have a good knowledge of security technologies and wider business solutions, including identity and access management, security monitoring, and data security technologies, and a good understanding of financial services and awareness of broader requirements.

You will share knowledge and provide guidance on internal bank first line related processes, and take responsibility and do the right thing for customers, colleagues and partners.

It would be great if you have one or more of the following qualifications, but it's not essential: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor.

This listing is enriched and indexed by YubHub. To apply, use the employer's original posting: https://apply.workable.com/j/174B958FED