Description:
This role requires strong technical breadth, excellent problem-solving skills, and the ability to context-switch rapidly. You’ll be the go-to person for resolving a wide range of security and privacy issues across the change lifecycle. This is not a traditional advisory role — you will be actively participating in solving information security problems, working closely with engineers, product managers, and business stakeholders to identify, assess, and collaboratively solve security challenges and ensure the team can continue to deliver at pace. This role is all about helping technology teams deliver securely.
You’ll act as the first (and often final) point of call for your team, so a broad and deep understanding of security and privacy domains is essential — from secure architecture and threat modelling to data protection and regulatory compliance. You will need to be adept at handling complex problems that will require you to balance technical, security, regulatory and risk considerations alongside delivery timelines and stakeholder management.
If you thrive on autonomy, love leading teams, solving complex problems, and want to see the real-world impact of your work in a critical industry — this is the role for you.
Main Responsibilities
- People Management – You will lead and direct a team of 5 – 10 embedded information security consultants providing support, development, coaching and performance management.
- Relationship Management – You will build deep, trust-based relationships with key stakeholders within the portfolio delivery leads and tech leads. You will attend key delivery forums such as project steercos, acting as the senior security representative. You will hold regular 1-2-1s with delivery leads and tech leads, fostering strong inter-personal relationships. You will interface with key stakeholders across the bank including 2LoD, Compliance, the CIO's office, line of business teams and audit.
- Problem Solving – You will sit across the change portfolio supporting your team of embedded security consultants and their stakeholders with a wide range of issues from information security to privacy to stakeholder management.
- Risk Management – You will support your teams to identify and articulate risks, steering them towards appropriate treatment plans, documenting mitigating controls and ensuring these are actioned within agreed timeframes. You will operate in line with the Bank's Risk Management framework (including sub-frameworks) and relevant risk and compliance policies and procedures, ensuring appropriate and timely escalation of any concerns to your line manager.
- Advisory – You will provide specialist advice and interpretation of Information Security best practice and UK regulatory requirements to a range of different stakeholders as new products, processes and systems are developed. You will need to be aware of your own knowledge gaps and when and where to seek specialist input to solve a particular problem or query.
- Subject Matter Expertise – You will develop a deep knowledge of the Bank's secure change processes and procedures, shepherding your workstream through various assessments and approval gates.
Ideal Candidate
Research (by Harvard University) shows that women are particularly likely to second guess themselves and not apply - so if you are worried you don't meet all the criteria, get in touch anyhow and let us do the worrying…
- You are a confident leader, able to set the tone and direction for a diverse team of subject matter experts, offering coaching and support as required.
- You are a skilled communicator, able to convey complex security issues to a wide audience, including non-technical colleagues.
- You love building strong interpersonal relationships across engineering, product, compliance, and business teams to foster a culture of shared security ownership.
- You are great at identifying information security risks and you enjoy finding creative solutions to problems.
- You have a wide range of information security knowledge and, crucially, you are aware of your own knowledge gaps and able to seek support and guidance as required.
- You understand the intersection of Risk Management and Information Security and how these relate to each other in a Financial Service business (3LoD model).