Security Risk Specialist (Manager) - Advisory & Oversight

  • Posted Today
  • Permanent
  • 129939
  • Edinburgh, Bristol, Leeds, Manchester
End date

Monday 03 November 2025

Salary range

£65,385 - £72,650

Agile Working Options

Job Share; Reduced Hours; Flexibility in when hours are worked; Hybrid Working

Job description

We’re on an exciting journey and there couldn’t be a better time to join us. We’re putting in place a fresh operating model for non-financial risk management, empowering our people to take end-to-end accountability for managing the risks that they face!

We're seeking a Security Risk Specialist to join the Risk Specialist Centre of Excellence. The role involves supporting robust risk management aligned with the Group’s Enterprise Risk Management Framework (ERMF). This will include giving our leaders and Risk Owners business advice on their risk appetite decisions, safely and at pace.

Candidates will need a strong understanding of, and passion for, information, cyber and physical security and risk management. Prepare to challenge conventions to enable the Group to safely go faster for both customers and staff.

We strive for excellent, safe customer experiences, but to achieve this we focus on our people. We are building a culture around continued learning and support and will give you the opportunity to share new ideas and solutions.

You'll have deep operational risk knowledge and provide insight and oversight. You'll contribute to providing independent security risk technical expertise to advise, guide, challenge, oversee, support and inform decision making to help ensure Security risks are appropriately managed, and compliance obligations met, across the Group.

What will you be doing?

  • Building relationships with risk and control owners acting as security risk specialist business partner to help deliver against customer, business and strategic outcomes.
  • Providing pragmatic advice to support informed key risk decisions and trade-offs (balancing commerciality and risk appetite), being bold to ‘call it’, and influence senior decision makers.
  • Proposing solutions to business problems, delivering oversight with insight and innovative thinking to address security risk challenges.
  • Providing input into the implementation of a risk and control oversight plan to assess compliance with relevant laws, regulations, industry standards and established controls.
  • Interpreting new operational risk regulation and emerging security opportunities and threats accurately and adeptly, thinking ahead on the direction of travel and anticipating the impact of the proposed changes on the Group.
  • Supporting control owners and specialists to implement control measures that are designed to achieve the control objectives, and regularly monitoring and validating the effectiveness of the design of control measures to ensure they are achieving the control objectives.
  • Driving automation for risk and control measurement, monitoring, and reporting. Collaborating with security, data, and analytics teams to call out issues and define action plans, all in pursuit of sustainable risk management.
  • Performing continuous monitoring and reporting of the Group’s exposure relative to risk appetite, highlighting any significant deviations, and identifying and developing key risk indicators and key performance indicators to enable appropriate monitoring.
  • Supporting Security Risk Specialist colleagues, contributing to the design, implementation and continuous review and enhancement of risk policies and appetite, as well as the ongoing data-led Operational Risk control objectives to meet the needs of risk and control owners, control specialist teams, Audit and external regulators.

What will you need to bring?

  • Deep operational expertise aligned to Information, Cyber, and Physical Security risk.
  • The ability to assess and manage Security risk, including identification, establishing risk appetite, developing policies, ensuring compliance, designing effective controls, providing assurance oversight, and offering advice that balances risk and reward.
  • Expertise in Information Security covering key areas such as asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations and software development.
  • Demonstrable curiosity and understanding of the emerging technologies shaping the risk landscape (inc. AI, Digital Ledger Technology, Quantum).
  • Experience of data analysis and statistical methods to interpret and quantify risk (e.g. Cyber Risk Quantification).
  • Knowledge of relevant laws, regulation, industry standards and established practice in technical subject area.
  • Effective decision-making, skilfully balancing trade-offs while understanding business strategy and opportunity risks.
  • Experience of assimilating a range of data sources and complex information to effectively problem solve and make relevant conclusions and recommendations.
  • Effective communication skills to build partnerships and work collaboratively with others, including Risk Owner, Control Owner and Control Office to meet shared objectives.
  • The ability to work effectively with all other lines of defence, with an understanding of their different but complementary roles.
  • A future-focused mentality, being able to conceptualise and articulate a customer-centric desired end state that has a clear line of sight to our Group Strategy.

What’s in it for you?

You'll have both opportunity and profile. We'll provide you with a diverse, energising and lively environment that focuses on equal opportunity and real career progression in a leading digital organisation.

We'll take your personal and professional development very seriously and enable you to make a genuine difference to millions throughout your career with us.

We also offer a wide-ranging benefits package, which includes:

  • A generous pension contribution of up to 15%
  • An annual performance-related bonus
  • Share schemes including free shares
  • Benefits you can adapt to your lifestyle, such as discounted shopping
  • 30 days’ holiday, with bank holidays on top
  • A range of wellbeing initiatives and generous parental leave policies

Our focus is to ensure we're inclusive every day, building an organisation that reflects modern society and celebrates diversity in all its forms. We want our people to feel that they belong and can be their best, regardless of background, identity or culture. We were one of the first major organisations to set goals on diversity in senior roles, create a menopause health package, and a dedicated Working with Cancer initiative. It’s why we especially welcome applications from under-represented groups.

We’re disability confident. So, if you’d like reasonable adjustments to be made to our recruitment processes, just let us know.

So, if you have a desire to work in a challenging role in a dynamic environment, whilst gaining skills and experience within a friendly and motivated team, then get in touch. We'd love to hear from you.

At Lloyds Banking Group, we're driven by a clear purpose; to help Britain prosper. Across the Group, our colleagues are focused on making a difference to customers, businesses and communities. With us you'll have a key role to play in shaping the financial services of the future, whilst the scale and reach of our Group means you'll have many opportunities to learn, grow and develop.

We're focused on creating a values-led culture and are committed to building a workforce which reflects the diversity of the customers and communities we serve. Together we’re building a truly inclusive workplace where all of our colleagues have the opportunity to make a real difference.