THE OPPORTUNITY

This is a brand new role and a key hire within the Partnership, responsible for supporting the embedding and maturing of the Security and Technology elements of the Group Risk Management Framework and supporting ongoing governance, assurance, and oversight across the first line Security and Technology functions.
Supporting the Information & Data Security Officer, you’ll be involved in the delivery of a programme of second-line assurance reviews, audits and tests to ensure the appropriate controls are effective with recommended actions reported to management to ensure risk levels remain within appetite and operations are compliant with policy, standards and regulatory requirements.
You’ll foster meaningful relationships across the business including first line security and technology, internal audit, first and our privacy & data protection teams to help them understand and mature their risk and control environments.

KEY ACCOUNTABILITIES:

• Security Governance - Represent the second line security function in security/technology risk forums and working groups, to offer input and challenge to first-line security policy, process, and strategy.
• Security & Technology Risk Management - Collaborate Group Risk function peers to ensure security and technology risk is represented within the Enterprise Risk Management.
• Security & Technology Risk Management - Work with first line security and technology functions to align control frameworks with best practice to mitigate risk.
• Security Assurance - Assist in the delivery of the annual second line assurance activity plans over first line security, reporting on findings and setting recommended actions.
• Technology Assurance - Assist in the delivery of the annual second line assurance activity plans over first line Technology, reporting on findings and setting recommended actions.
• Risk Reporting & Administration - Support the periodic Group Risk team reporting activities and facilitate the first line tracking and reporting of issues and minor risks.
• Advisory/Consultancy - The ability to advise/consult on all business initiatives In line with Information Security Risk while be an enabler wherever possible in line with the strategy of the business

QUALIFICATIONS: (DESIRABLE)

• BA/BSc degree or equivalent experience in the field of IT or IT Security.
• CISSP, CISM, CISA, CCSP, CRISK, ISO27001 or similar entry level to mid-level ISC2, ISACA or SANS.

EXPERIENCE:

• Working in financial services or with financial services clients that were subject to regulatory requirements such as FCA, PCI-DSS and GDPR.
• Delivery of audits, assurance reviews and risk assessments across complex environments.Experience of the tools, systems, services and techniques used for vulnerability scanning, penetration testing, firewalls, WAF, endpoint security, browsing and email controls.

KNOWLEDGE:

• Understanding and implementation of security and information technology fundamentals across multiple domains of information security, operational resilience, disaster recovery and business continuity; ideally in a Microsoft-dominated ecosystem.

SKILLS AND COMPETENCIES:

• Ability to confidently convey very technical concepts to non-technical audiences.
• Demonstrable experience of producing reports for management.
• Excellent communication skills to articulate security risk to Projects and Technical departments.
• Ability to operate in a fast-paced environment with the skills to deal with complex issues.