
Cyber Security Lead: Secure Delivery & Assurance; Hybrid

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Crown Agents Bank Ltd.
Full Time position
Listed on 2026-06-18
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Job Description & How to Apply Below
Position: Cyber Security Lead: Secure Delivery & Assurance (Hybrid)
Location: Greater London

Crown Agents Bank is a rapidly growing, regulated UK bank that connects emerging and frontier markets to the rest of the world, using FX and payments technology. We are transforming the way payments and FX move through emerging markets, reducing friction so that more money gets to those who need it. Emerging markets payments are usually challenging, expensive, unreliable and opaque.

Our solutions help fix these pain points. Ultimately, we connect traditionally hard-to-reach regions to global financial infrastructure, giving access to the best prices and the fastest, most reliable settlement.

FX and cross-border payments are often complex and expensive, especially when operating in emerging markets. Crown Agents Bank (CAB) wraps its deep and trusted relationships and strength of network around innovative digital capabilities and cross-border transaction banking solutions to enable fintechs, corporates, governments, development organisations and banks to move money to, from, and across often hard-to-reach markets.

Job Description

Role Purpose

This is a specialist dual-focus role at the intersection of secure delivery and security assurance. You will own two primary programmes of work for Crown Agents Bank:

• Security in Change: Acting as the security voice in project delivery — conducting risk assessments, reviewing architecture, maintaining the Secure SDLC framework, and providing formal security sign-off on material changes.

• Security Assurance: Running the Bank’s security testing and vulnerability management programme — commissioning and managing penetration tests, owning vulnerability reporting and trend analysis, managing attack surface visibility, and working collaboratively across the business to drive remediation.

You will be technically credible enough to challenge architects and developers, and clear and persuasive enough to land risk decisions with senior stakeholders. As part of a small, high-trust CISO team, you will also flex across the wider service catalogue beyond your primary accountabilities — this provides variety, genuine career breadth, and direct visibility of the firm’s full security posture that a siloed role in a larger team would not.

Role Responsibilities

PILLAR 1 — Security in Change

Primary accountability: own security throughout the project and change lifecycle

• Own and maintain the Secure SDLC framework, ensuring security requirements, controls, and standards are embedded across all material change programmes and project deliveries.

• Conduct security risk assessments on new projects, significant changes, architecture proposals, and new technology initiatives, producing clear risk documentation and recommendations.

• Provide architecture review and formal security sign-off for project delivery, acting as the gating authority for security acceptance of changes into production.

• Define and maintain application security standards including OWASP-aligned secure coding guidelines, security requirements, and application security testing criteria.

• Act as the embedded security adviser to project and engineering teams, providing practical, timely guidance that enables secure delivery without impeding pace.

• Contribute to third-party and vendor risk assessments for new solutions and integrations, ensuring security due diligence is conducted as part of onboarding.

PILLAR 2 — Security Testing & Vulnerability Management

Primary accountability: own the firm’s assurance and vulnerability posture

• Own the vulnerability management programme end-to-end: aggregate and analyse data from Tenable and other scanning tooling, maintain prioritisation logic based on exploitability, asset criticality, and business context, and produce governance-ready reporting for ORC and senior stakeholders.

• Commission, scope, and manage penetration tests (infrastructure, application, and where appropriate red team/social engineering), tracking findings through to remediation closure.

• Own attack surface management — maintain visibility of the firm’s externally exposed assets and services, identify unmanaged or unexpected exposure, and feed findings into the vulnerability management and pentest scoping…
