Responsibilities

:

* Support the delivery of the Information Security Management System and drive continuous improvement in information security.

* Evaluate and assess cybersecurity controls across the business and third-party vendors to ensurepliance with the NIST Cyber Security Framework (CSF).

* Conductprehensive risk assessments using the NIST CSF.

* Identify cyber threats, risks, and issues using risk management techniques.

* Develop and conduct third-party vendor security assurance activities.

* Collaborate with cross-functional teams to develop and implement risk management activities.

* Respond to security support tickets and provide information security support and escalation.

* Create and collect metrics, validate security control performance, and identify emerging cyber risks.

* Collaborate with the Enterprise Risk Management (ERM) team to maintain, develop, and deliver cyber risk reporting and appetite statements.

* Maintain and develop Information Security policies and procedures relevant to the current cyber threat landscape.

* Maintain, develop, and test the Cyber Incident Response Plan.

* Monitor and managepliance with relevant cybersecurity regulations.

* Manage actions and output from stakeholder engagements, including customers, regulators, and auditors.

* Stay current with emerging security trends, threat intelligence, industry standards, and security-enhancing technologies.

Essential Skills, Knowledge & Experience:

* Proven experience in an Information Security role.

* Experience working in a professional or financial services environment.

* Hands-on experience conducting cyber risk assessments and developing mitigation strategies.

* Experience with cybersecurity control assessments and maintaining risk reporting and appetite statements.

* Knowledge and experience with recognized security frameworks such as NIST CSF, ISO27001, etc.

* Experience managing and maintaining cybersecuritypliance with regulatory frameworks such as FCA, PRA, NYDFS.

* Experience developing aernance framework by maintaining policies and procedures.

* Ability to meet agreed deadlines and work independently or collaboratively.

* Strong interpersonal andmunication skills, both written and verbal, with the ability to interact with technical and non-technical stakeholders.

* Strong analytical, problem-solving, organization, and planning skills.

* A proactive and enthusiastic approach.

* Knowledge of Microsoft systems (on-premise and Azure cloud), technologies, infrastructure, and systems management tools.

* Ability to respond positively to exceptional events in information security.

This is a fantastic opportunity to contribute to apanymitted to continuous improvement in information security during a time of digital transformation and growth. If you are passionate about cybersecurity and meet the above criteria, we would love to hear from you.

Job ID BBBH106782