Are you passionate about technology and safeguarding digital landscapes while driving innovation? Do you thrive on tackling complex security challenges and have a knack for translating technical risks into actionable insights? Then this interesting opportunity at the intersection of technology and risk is for you!
We are looking for a dynamic and experienced professional to join our team and spearhead our technology and cyber risk initiatives. Working within the second line of defense Risk Function, this role is pivotal in providing independent oversight and assurance across the organization's cybersecurity, information security and IT risk landscape. The ideal candidate will possess an in-depth understanding of infrastructure and application security risks, particularly within cloud platforms (AWS), networks, servers, application development, desktop environments, and mobile platforms. The role emphasizes ensuring the effectiveness of security controls, compliance with regulations, and continuous monitoring and mitigation of emerging cyber threats.
Ready to make a real difference? Apply now and help us protect our digital assets while fostering innovation and resilience!
Job Responsibilities
- Working with the Director of Technology and Cyber Risk and the wider Risk Team:
- Provide expert risk advice, oversight and challenge of the management of technology risk across the development, architecture and testing of our internal and external technology estate.
- Provide risk advice, oversight, challenge and guidance on cyber security risk across cloud platforms, network infrastructure, desktop environments, servers, and mobile devices.
- Collaborate with development teams to review code, ensuring best practices are integrated throughout the software development lifecycle (SDLC).
- Review the implementation and enforcement of robust information technology and security policies across all IT functions, ensuring alignment with industry best practices and frameworks.
- Deliver the risk assurance monitoring plan for technology and cyber risk, including independent risk assessments of critical systems and applications, ensuring timely resolution of vulnerabilities and that effective corrective and preventive actions are implemented to address findings.
- Ensure organisational compliance with relevant UK, EU, and global regulations (e.g., GDPR and Prudential Regulation Authority (PRA) requirements) and leading security frameworks, such as NIST and ISO 27001.
- Review risk mitigation strategies, ensuring appropriate treatment of identified risks and providing oversight on residual risks.
- Serve as a bridge between the technical risk team, senior management, and the broader technology and cybersecurity community to ensure a holistic approach to risk management.
- Identify, assess, and effectively communicate complex technology and cyber risks, translating them into actions for cross-functional technical teams.
Skills, Competencies and Preferred Qualifications
- Proven experience in a technology focused Second Line of Defense or similar risk management role, with an emphasis on information security, technology risk, and cybersecurity.
- Deep technical expertise in IT infrastructure security, with hands-on experience in network security, cloud platforms (e.g., AWS), servers, mobile devices, and desktop environments.
- In-depth understanding of security frameworks and best practices such as NIST, ISO 27001, and MITRE ATT&CK, along with regulatory requirements like GDPR and PRA requirements.
- Strong ability to independently audit complex IT systems, identify vulnerabilities, and implement effective security solutions.
- Hands-on experience with secure coding practices and security assessments within an SDLC environment.
- Experience with security testing tools, such as static code analysis tools, dynamic application security testing (DAST), and automated vulnerability scanning tools.
- Excellent communication skills with the ability to translate highly technical cyber risks and audit findings into business-friendly language for executive leadership and non-technical teams.
- Demonstrated ability to lead thematic reviews through collaboration with internal and external stakeholders.
- Relevant risk management, security certifications and cloud security certifications.
About Us
We’re OakNorth Bank and we embolden entrepreneurs to realise their ambitions, understand their markets, and apply data intelligence to everyday decisions to scale successfully at pace.
Banking should be barrier-free. It’s a belief at our very core, inspired by our entrepreneurial spirit, driven by the unmet financial needs of millions, and delivered by our data-driven tools.
And for those who love helping businesses thrive? Our savings accounts help diversify the high street and create new jobs, all while earning savers some of the highest interest on the market.
But we go beyond finance, to empower our people, encourage professional growth and create an environment where everyone can thrive. We strive to create an inclusive and diverse workplace where people can be themselves and succeed.
Our story
OakNorth Bank was built on the foundations of frustrations with old-school banking. In 2005, when our founders tried to get capital for their data analytics company, the computer said ‘no’. Unfortunately, all major banks in the UK were using the same computer – and it was broken.
Why was it so difficult for a profitable business with impressive cashflow, retained clients, and clear commercial success to get a loan?
The industry was backward-looking and too focused on historic financials, rather than future potential.
So, what if there was a bank, founded by entrepreneurs, for entrepreneurs? One that offered a dramatically better borrowing experience for businesses?
No more what ifs, OakNorth Bank exists.