Information Security, Assistant Manager

Overview

The Assistant Manager Information Security will play a critical role in safeguarding the bank's information assets, infrastructure, and customer data against evolving cyber threats. This role is responsible for driving and managing information security operations, ensuring continuous monitoring, identification, and timely remediation of security vulnerabilities to uphold a resilient security posture, and provide management with up-to-date reports on the bank's security posture.

The role will proactively support the bank's compliance with UK regulatory requirements, industry standards, and best practices, while contributing to the development and enhancement of security frameworks, policies, and controls. Using strong analytical skills, deep knowledge of cyber security methodologies, and understanding of security infrastructure, including AWS cloud environments, the role will ensure the bank maintains cyber resilience, protects against financial and reputational risks, and fosters a culture of sound security across the organization.

• Provide proactive security oversight and assurance for new initiatives and ongoing projects, ensuring that information security and regulatory requirements are embedded from design through implementation.
• Collaborate with senior stakeholders, regulators, and external partners to align on security standards, communicate risks, and deliver solutions that balance business objectives with compliance obligations.
• Actively participate in governance forums and internal committees, presenting emerging risks, security trends, and strategic recommendations to strengthen resilience and maintain the bank's security posture.
• Advise on regulatory compliance requirements, data protection obligations, and breach notification processes, ensuring the bank meets FCA, PRA, PSR, and other applicable regulatory expectations.

• Lead and conduct comprehensive information security risk assessments to identify, evaluate, and prioritize threats, ensuring effective controls are implemented and maintained.
• Establish, document, and enforce security controls that safeguard information flows across internal systems, third parties, and public networks.
• Develop, maintain, and execute incident response and crisis management procedures, ensuring swift and effective mitigation of security events while minimizing business disruption.
• Monitor security operations to identify anomalies, investigate incidents, and coordinate timely remediation with internal teams and external providers.
• Keep up-to-date with evolving threat intelligence, security breaches, and industry developments, recommending proactive remediation measures and best practices to protect the bank's systems and data.

• Partner with auditors, regulators, and payment schemes by preparing evidence, delivering subject matter expertise, and supporting internal and external audits, certifications, and reviews.
• Evaluate and enhance the effectiveness of the bank's information security policies, procedures, and controls, driving continuous improvement and compliance with internal standards and regulatory frameworks.
• Support management reporting by providing timely, accurate, and risk-focused updates on security posture, incidents, and compliance activities.

• Be the primary point of contact for all information security alerts and breaches within the Bank and coordinate responses via incident management protocols.
• Daily administrative tasks, reporting, and communication with the relevant departments in the organization.
• Maintain security records and documents of controls, security dashboards and reports.
• Assist in conducting reviews and assessments to identify and report potential vulnerabilities, weaknesses and threats.
• Implement, manage and monitor security controls to protect the bank's data, systems and network.
• Ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls.

• CONDUCT RULE 1:
  You must act with integrity.
• CONDUCT RULE 2:
  You must act with due skill, care and diligence.
• CONDUCT RULE 3:
  You must be open and cooperative with the FCA, the PRA and other regulators.
• CONDUCT RULE 4:
  You must pay due regard to the interests of customers and treat them fairly.
• CONDUCT RULE 5:
  You must observe proper standards of market conduct.

• Information Technology
• Risk and Compliance
• Business departments
• Internal forums, groups and committees

• Suppliers and Vendors
• Regulators
• Authorities and focused groups

The holder of this job must sign a Data Confidentiality agreement. He/she shall not disclose, allow access to, transmit or transfer confidential information to a third party without prior written consent. He/she may only disclose confidential information to employees on a "need to know" basis. Prior to disclosing, issue…