Key skills
AzureCloudCyber SecurityAgileCI/CDRisk ManagementCommunicationPenetration Testing
About this role
Role Overview
- Provide second-line oversight of first‑line cyber controls, assessing their design, implementation and effectiveness.
- Identify and report cyber risks, supporting formal risk processes (RCSAs, assurance actions) to ensure timely closure.
- Plan and manage second-line red team programmes and where required support regulatory or auditor testing (e.g., CBEST/FCA/PRA) to drive resilience improvements.
- Plan and deliver second-line scheduled and ad‑hoc assurance testing (penetration, red team, vulnerability sampling) to validate first line remediation and control effectiveness.
- Challenge first-line to track and drive remediation of findings from testing, reviews and incidents, ensuring clear remediation plans and closure.
- Analyse first-line cyber processes and technical incident responses to identify gaps, root causes and pragmatic remedial actions.
- Oversee cyber risk mitigation projects and control improvement initiatives to reduce exposure and strengthen defences.
- Communicate risk findings and recommendations clearly to stakeholders, enabling timely, informed decision‑making.
Requirements
- Experience in financial services, consulting or technology roles in cyber security or technology risk (essential)
- Broad cyber security expertise: risk management, security architecture, engineering, threat intelligence, vulnerability management and incident response (essential)
- Understanding of second-line assurance: risk taxonomy, appetite, KRIs and controls (essential)
- Experience with red teaming, penetration testing or vulnerability scanning (essential)
- Knowledge of enterprise security products and cloud (primarily Microsoft Azure) (essential)
- Familiar with CI/CD, DevSecOps, SAST/security scanning and Agile ways of working
- Comfortable with risk/issue tracking tools, risk reviews and clear stakeholder reporting
- Able to produce gap analyses against policies/standards using industry best practice
- Experience in SOC or incident response teams
- Excellent report-writing and communication skills
- Knowledge of national/international cybersecurity laws, regulations and ethics relevant to financial services
- Able to work in diverse, multi-cultural teams with international exposure
- Curious, analytical and pragmatic problem-solver
Tech Stack
- Azure
- Cloud
- Cyber Security
Benefits
- Pension scheme of 18%
- Share Save and Share Incentive Plan
- Financial wellbeing and support services
- 38 days annual leave including bank holidays
- Opportunity to purchase up to 5 extra days
- Time Off When You Need It policy
- Comprehensive support and paid parental leave
- Health & Protection cover including Private Healthcare, Critical Illness cover and Life Assurance for you, with family options