Security GRC Consultant (12 month FTC)

at  Nationwide

This is an exciting opportunity for an Security GRC Consultant to help shape aspects of the Information Security Policy and Control activity specifically supporting changes to the security control environment; both monitoring Key Performance Indicators and leading on transformation and continuous improvement affecting Information Security.
We are therefore looking for a passionate Information Security Consultant with knowledge, skills, and experience of all aspects of Information Security management and the governance of data and information. We have ambitious plans to enable continuous control monitoring and automate our control reporting; this role is pivotal to our success in achieving these outcomes.
This role is within the Security and Resilience Function, which is a diverse team of people with a wide range of experience, specialisms, and remits. What unites us is our vision for operational excellence, protecting our customers’ services, money and data, and our focus to make sure (alongside our other colleagues) services, money and data are always available and secure. At Nationwide, we openly put our 16 million members at the centre of every decision we make as a business. Every role, no matter what it’s doing, is member focused.
At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.
For this job you’ll spend at least two days per week, or if part time you’ll spend 40% of your working time, based at either our London, Swindon, Bournemouth, Northampton or Dunfermline office. Whilst these locations are where we are primarily looking to fill the role, if you’re an internal applicant based in a different location we would welcome your application and if successful, your hiring manager will provide further details on how this could work for this specific role. You can also find out more about our approach to hybrid working here.
If we receive a high volume of relevant applications, we may close the advert earlier than the advertised date, so please apply as soon as you can.

ABOUT YOU

We are seeking a skilled and motivated Security GRC Consultant to join our team at Nationwide Building Society. As one of the largest financial institutions in the UK, we are committed to maintaining robust information security practices and ensuring compliance with industry regulations.

As a minimum, you’ll:

• Strong knowledge of information security governance, risk management, and compliance practices.
• Familiarity with relevant regulations and standards (e.g., GDPR, PCI DSS, NIST).
• Experience in conducting risk assessments, managing compliance programs, and analysing security audits.
• Ability to convey complex security concepts to both technical and non-technical stakeholders.
• Self-motivated with a desire to stretch yourself and seek out new challenges.

Our Customer First behaviours are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviours that resonate with you, and how you might have already demonstrated these.

• Say it straight - This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
• Push for better - This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
• Get it done - This is about prioritising what will have the greatest impact, being decisive and taking accountability for delivering on the end-to-end outcome.

We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.

Governance and Policy Development: Contribute to the development and implementation of information security governance frameworks and policies, ensuring alignment with best practices and regulatory requirements.
Risk Assessment and Management: Identify and evaluate potential security risks, develop effective risk management strategies, and continuously monitor and update risk profiles based on evolving threats and business needs.
Compliance Management: Ensure compliance with applicable laws, regulations, and industry standards, including GDPR and PCI DSS. Assist in the establishment of compliance programs, conduct audits, and manage remediation efforts.
Security Metrics and Reporting: Define and track key performance indicators (KPIs) to measure the effectiveness of information security controls. Generate reports and provide regular updates on security status, risks, and compliance to stakeholders and senior management.
Continuous Improvement: Stay informed about the latest security trends, technologies, and regulatory changes. Recommend enhancements to policies, procedures, and technical controls to enhance our overall security posture.
Consulting and Advisory Services: Act as a subject matter expert on information security matters, providing expert advice, guidance, and support to internal teams, clients, and stakeholders. Participate in meetings, workshops, and presentations to effectively convey security concepts and recommendations.