Reporting to the Head of Operational Risk and working closely with the Head of Information Security, the role will support in managing the Bank’s Second line of Defence (2LOD) for cyber security, assuring compliance with the Bank's Information Security Policies and Standards and overseeing the effective implementation of security controls through engagement with the Bank’s cyber security operations team (1LOD).

• Responsible to Head of Operational Risk for Information Security RCSA framework, in particular regulatory compliance, and tolerated risk exposure.
• Act as Cyber Security expert within the Second Line of Defence (2LOD), providing advice and guidance to 1LOD
• Working with the Bank’s Enterprise Architect to ensure solutions are delivered in accordance with BACB’s IT Security policies and Standards
• Ensure the Bank can effectively respond and recover from Cyber Security Incidents.
• Working with the Head of Information Security on ways to defend the Bank from current cyber threat landscape, identifying emergent threats and recommending innovative controls and mitigations.
• Work together with the 1LOD and provide evidence that IT Security operations are within risk tolerances (e.g., Evergreen IT, Patching, Vulnerability scanning and Pen Testing) (supported by a 2nd member of the 2LOD team)
• Oversee compliance with the Bank’s cyber security standards and policies liaising with CIO (1LOD) where responsibility spans Lines of Defence.
• Maintain security performance metrics/ KPIs, recommending improvements where appropriate.
• Effective use of specialist tools and logging to review the Bank’s cyber status and perform requested “deep dives” as necessary as well as define automated alerting mechanisms, ensuring that these alerts can be assessed and investigates independently by 1LOD and 2LOD.
• Engaging with the CIO and the Head of Information Security to ensure that sufficient/ effective cyber defences are implemented, giving the Bank value for money for any procured Cyber Security solutions, including Cyber

REQUIRED QUALIFICATIONS AND EXPERIENCE

• Educated to degree level (or equivalent), possessing at least one security accreditation (e.g., CISM or CISSP)
• Good working knowledge of cyber security standards (i.e. NIST, ISO 27001, Cyber Essentials, GDPR).
• Previous experience in the practical use and management of products such as Defender, Darktrace and Mimecast
• Familiarity of firewall rulesets and the requirements for effective cyber defence.
• Familiar with the Microsoft stack from Desktop products to server products to Azure
• Working in Financial Services or another regulated market, such as aviation or energy.
• Managing the delivery of an organization-wide information security related strategy
• Knowledgeable in common Data Leakage reasons and effective prevention.
• Working with on premise, public and/or hybrid cloud environments
• Proven ability to gain credibility with, persuade and influence operational managers, stakeholders and C-Suite.

Benefits

• Holidays between 25-30 days
• Hybrid working (3 days min office)
• Flexible benefits, starting from £5,670
• 10% employer pension contributions (With matching contributions up to 7.5%)
• 5 x Life cover
• Buying and Selling of Holidays
• Examination award of £2,500 (Criteria must be met)
• Introductory Award Scheme
• Long Service Awards
• Performance Awards

BACB is an Equal Opportunity Employer. There shall be no discrimination on the basis of age, disability, sex, race, religion or belief, gender reassignment, marriage/civil partnership, pregnancy/maternity, or sexual orientation.

We are an inclusive organisation and actively promote equality of opportunity for all with the right mix of talent, skills and potential. We welcome all applications from a wide range of candidates. Selection for roles will be based on individual merit alone.