The ‘Technology and Cyber Risk’ team consists of a Director, supported by Risk Analyst(s). The team operates as specialists within a wider second-line Risk team, which includes Operational and Credit risk, reporting to the Chief Risk Officer. We work very closely with our colleagues in the Technology and Information Security teams.
Job responsibilities
Risk Assessment (60%): Risk controls are continuously tested and developed as the bank grows, embracing technology and innovation and using evolving industry best practice
Produce regular risk assessment reports of people, process, and technology systems to identify key gaps and drive process improvement
Review information security policies and procedures, with support from subject-matter experts, to ensure strategic, regulatory, and operational goals are met.
Own risk assessment and assurance with respect to third-party suppliers, partners, and mission-critical technologies
Partner with cross-functional stakeholders to document identified risks, recommend treatment options, and validate technical mitigation
Threat Intelligence (20%): Be a trusted partner to the business, providing robust, constructive challenge and helpful guidance
Assess, research, and report on cyber risks relevant to mission-critical banking operations covering people, process and technology such as threat actors, TTPs and IOCs.
Develop and refine key metrics to measure Cyber Programme maturity against best-practice baselines, security control effectiveness, and excellence of security operations execution
Where possible, apply risk management approaches to categorise and quantify exposure to evolving threats
Process Improvement (20%): Apply strong but proportionate risk controls, in partnership with the business, to protect value and to maintain stakeholder confidence
Coordinate efforts between tactical and assurance-focused teams to execute on high-visibility compliance objectives, including ongoing management of ISO standards and alignment with NIST best practices.
Directly support OakNorth Bank’s Director of Technology & Cyber Risk to deliver high-quality deliverables and research-based insights to the Chief Risk Officer and Board.
Review and support virtual security awareness training sessions to drive information security culture and reduce exposure to phishing, social engineering, and end-user attacks.
Desired skills
We are looking for experienced risk assessment professionals with a broad security knowledge:
Good general knowledge of infrastructure and application risks across cloud platforms (e.g., AWS), networks, desktop, servers and mobile.
Knowledge of security fundamentals, how they apply in real-world situations, and how to gauge control effectiveness (e.g., agile development)
Experience in the practical application of information security technology, operations, and concepts – turning identified risks into actionable tasks.
Familiarity with technology and security concepts such as configuration hardening, MITRE ATT&CK Framework and vulnerability management
Familiarity with UK and EU-relevant regulations relating to information security and data privacy, such as GDPR.
Excellent communication skills, particularly report writing and written communication.
Ability to translate technical language for a wider audience, and a desire to bridge communication gaps between team members, the team and management, and with the larger security community.
Ability to translate finished reports from third-party auditors and consultants into actionable risk treatment plans to adequately address findings.
Relevant degree, and/or 5+ years relevant IT audit, risk, or security experience.
Ideally, we would like to see evidence of advanced skills in one or more of these areas:
Specialist knowledge in infrastructure security e.g., EDR, DLP, penetration testing, technical roles
Working knowledge of AWS cloud security, or similar cloud environments.
Expertise across various security control standards and risk management frameworks, such as NIST and ISO 2700x Series
Exposure to ISO or NIST risk management and governance technologies to support complex requirements and automate evidence collection.
Advanced technical or management degree, with security specialism.
One or more relevant technical certifications:
Risk Management e.g., SANS GCCC, SANS GEVA, SANS GSNA, ISACA CISA, ISACA CRISC
Security Certifications e.g., CISSP, CISM, CEH, ISO27001 Lead Auditor
Cloud Certifications: AWS, Azure, Google Cloud
Technical Certificates: Windows, Linux, Networks, Security Products
About Us
We’re OakNorth Bank and we embolden entrepreneurs to realise their ambitions, understand their markets, and apply data intelligence to everyday decisions to scale successfully at pace.
Banking should be barrier-free. It’s a belief at our very core, inspired by our entrepreneurial spirit, driven by the unmet financial needs of millions, and delivered by our data-driven tools.
And for those who love helping businesses thrive? Our savings accounts help diversify the high street and create new jobs, all while earning savers some of the highest interest on the market.
But we go beyond finance, to empower our people, encourage professional growth and create an environment where everyone can thrive. We strive to create an inclusive and diverse workplace where people can be themselves and succeed.
Our story
OakNorth Bank was built on the foundations of frustrations with old-school banking. In 2005, when our founders tried to get capital for their data analytics company, the computer said ‘no’. Unfortunately, all major banks in the UK were using the same computer – and it was broken.
Why was it so difficult for a profitable business with impressive cashflow, retained clients, and clear commercial success to get a loan?
The industry was backward-looking and too focused on historic financials, rather than future potential.
So, what if there was a bank, founded by entrepreneurs, for entrepreneurs? One that offered a dramatically better borrowing experience for businesses?
No more what ifs, OakNorth Bank exists.