Key Responsibilities
Security Governance, Policy & Reporting
Cyber Security
Security Awareness & Training
Data Loss Prevention & Insider Risk
Data Protection & Privacy
IT Infrastructure Oversight
Incident Management & Operational Resilience
Risk Leadership
Corporate Responsibilities
Read and follow all relevant company policies and procedures
Adhere to all risk-related responsibilities applicable to your role, as set out in the Risk Management Policy
Abide by all compliance and financial crime related policies, procedures and reporting obligations applicable to your role
- A Material Risk Taker for the bank you will need to act in accordance with regulatory expectations of a Certified individual
Required Skills & Experience
A minimum of 5 years’ experience in a second line information security, GRC or data protection role within a UK regulated financial services firm.
Working knowledge of PRA and FCA expectations, UK GDPR, PECR and operational resilience requirements.
Experience running security awareness programmes, including phishing simulations and e-learning platforms.
Working knowledge of Microsoft Purview 9DLP< Insider Risk management, Communication Compliance) and the wider Microsoft E5 security stack.
Experience responding to internal and external audits and drafting Board and committee papers.
Experience of third-party security due diligence and supplier risk assessments
Relevant certifications such as CISSP, CISM, CRISC, CIPP/E or ISO 27001 Lead Auditor (desirable).