Information Security Officer

Description:

The Information Security Officer (ISO) will work within the Information Security Office of the Bank to ensure all information and cyber risks are identified, analysed, mitigated, and monitored, ensuring smooth banking operations. The ISO will also contribute to the Information/Cyber Security Strategy and Roadmap, enabling both defence-in-depth and, where appropriate, defence-in-breadth to safeguard banking operations. This position collaborates closely with Security Engineering, Security Operations, and Business Resilience Teams to address external attacks, mitigate zero-day vulnerabilities, and identify security flaws. The ISO will ensure that risk targets set by Executive Management are met, contributing to the continual improvement of the Bank's Cyber Assurance Framework.

Key Responsibilities:

• Collaborate with Information Security Engineering and Operations Teams to integrate security measures into business processes.

• Advise business units on security-related issues and initiatives.

• Oversee Second Line project activities to evaluate information security risks for new projects, products, systems, and changes.

• Supervise the resolution of risks and issues identified during audits or external assessments.

• Develop, review, and maintain information security governance documents such as policies, standards, frameworks, and procedures.

• Create and deliver Information/Cyber Security Awareness training for bank staff.

• Maintain records and documentation of ISO activities.

• Provide updates and reports to the Information Security Management System (ISMS) governance committee.

• Manage internal and external information security requirements, liaising with relevant parties.

• Support the ISO in annual budgeting and planning.

• Participate in Cyber Incident Response as part of the ISO Team.

• Coordinate with vendors to evaluate new technologies and lead Proof of Concept evaluations.

• Evaluate, recommend, and implement cloud security controls aligned with emerging technologies.

Qualifications and Experience:
Essential:

• At least five years of experience in Information Assurance and/or working within a highly regulated UK sector.

• Relevant Information Security qualifications (degree, CISSP, or CISM) obtained or in progress.

• Strong technical acumen with broad knowledge across Information/Cyber Security, Software Development, and IT systems.

• Working knowledge of NIST CSF.

• Analytical skills to interpret data and provide insights into threats.

• Awareness of common Cyber Incidents and Security breaches (OWASP).

• Ability to work autonomously and within a team.

Desirable:

• Knowledge or experience in SOC2, ISO 27K, PCI DSS, and GDPR.

• Previous experience in a Cyber Incident Response function.

• Hands-on experience with Information Security tools.