Job Title: Senior Cyber Projects Specialist
Business Unit: Information Security & Resilience, D&I
Salary Range: £39,689 to £59,533 DOE plus great benefits
Location: UK Flexible
Employment Type: Permanent Full Time
In our quest to make things better, we never stop looking at how every bit of banking works. We sweat the small stuff, because we know it makes a big difference for our customers. But at the heart of this are our people – who we couldn’t do without. Our bold and brilliant colleagues who bring their A game every single day. The question is – are you ready to bring yours?
Within this in mind, we currently have an exciting opportunity within our Cyber Projects team a Senior Cyber Security Specialist to join our Cyber Projects team. If you like a fast-paced role that will challenge you, then you may have just found it! We're looking for self-motivated enthusiastic individuals, who have a real passion for cyber security, and are ready to make a real difference to a successful team.
As a Senior Cyber Projects specialist, you will become part of the dynamic Cyber Projects Team within the Information Security & Resilience function. The Cyber landscape is constantly evolving, and with this so too are security threats and risks. You will have an important role in protecting the Bank and its customers working across a number of the Bank’s change initiatives and provide security expertise to Business and Technical stakeholders at all levels. You will take a leading role in ensuring that security controls are delivered inside Projects and change initiatives in line with business risk appetite in relation to 3rd party supplier risk, as well as technology solutions.
The role is all about…
- Provision of end to end Cyber Security advice, guidance and direction to all projects and business change activities.
- Performing 3rd party due diligence and onboarding from a security perspective for new suppliers or where there are changes to existing supplier services, contract renewals and supplier exits, identifying any supplier risks and supporting key aspects of supplier governance from a security perspective.
- Working collaboratively across the Information Security & Resilience team, as well as the wider Bank, to ensure cyber risks and threats are appropriately managed on change initiatives.
- Defining appropriate security requirements and controls to mitigate identified security risks across change initiatives.
- Influencing the right security risk outcomes for the organisation in line with risk appetite.
- Lead Security Design Clinics and Project Security risk/issue reviews within the project lifecycle.
- Driving compliance with Information Security Standards, as well as Legal, Regulatory and Scheme security requirements.
- Ensuring that security requirements and controls are implemented by working closely with Design, Build and Test teams, as well as Business Stakeholders and suppliers.
- Ensuring robust assessments of proposed 3rd party services or software to ensure that security risks are identified and appropriately mitigated or managed within the Group’s risk appetite.
- Ensuring that relevant security risks are identified and articulated to a high standard for review in line with risk appetite.
- Assuring key controls through the coordination of 3rd party security testing.
- Supporting the development of the Technical Specialist team members by providing mentoring and SME support.
- Performing a lead role within the team and act as a point of escalation into the Cyber Projects Manager.
We need you to have…
- A passion for Cyber Security and risk.
- Experience of 3rd Party Risk Management from a security or IT perspective.
- Strong working knowledge of Information Security principles and key technical solution approaches.
- Practical experience of Information Security domains and control frameworks.
- Practical experience and application of risk management principles and methodologies.
- Knowledge of information security related policy, standards and methodologies and associated information security legislation.
- A strong delivery focus, able to balance and successfully deliver across a wide range of deliverables, to several stakeholders who may at times have competing priorities.
- A flair for influencing, persuasion and presentation.
- Excellent communication skills and ability to influence change at all levels.
- An aptitude to quickly assimilate and understand complex changes in order to efficiently present information to identify issues and consider solutions.
- The ability to engage a range of stakeholders to influence decisions to improve security across the company.
- Proven ability to make sound pragmatic decisions and judgements under tight timelines, within a dynamic and fast-moving environment.
We’d love it if you had, but not essential…
- Professional Information Security Qualification, for example CISSP, CISM, CISA, CompTIA Security+, CompTIA.
- Working knowledge of best practice Security Standards and Principles, including ISO/IEC 27001, NCSC Security Cloud Principles, NIST, PCI DSS etc.
- Experience of using Prevalent or similar 3rd Party Security management tool.
- Experience of working within an agile project development environment.
RED HOT Rewards...
- A generous holiday package and the option to buy more!
- Private Medical Insurance - with the option to extend to family members.
- Pension! A market leading pension – we’ll top up your contributions too.
- Flexible benefits – customise your rewards to work for you!
Inclusion at Virgin Money
Inclusion is at the heart of everything we do here at Virgin Money. It’s good for you, it’s good for us and it’s amazing for our customers. We know that great minds don’t think alike, so we rely on your diverse thoughts, feelings, beliefs and backgrounds to be the best we can possibly be. Got any questions about this or need some support with your application? We’d love to hear from you so get in touch with our friendly team at email@example.com or HRUKRecruitment@cybg.com
Point to note…
At the minute, depending on which team you are joining, lots of us are working from home. This is something that may change over time, and if so, we will come together in one of our hub locations, giving you the chance to meet your new colleagues in person. We will of course, make sure you have the IT equipment to access our systems and to interact digitally with your new team and colleagues, but we thought it best to let you know this in advance, so you can make sure you are set up to work safely and productively. If you have any questions on this let us know!
Now the legal bit…
If we offer you a job and you accept, there are some checks we need to complete before you can start with us. This will include a credit and criminal record check, as well as providing 3 years' worth of satisfactory references.