* Security Consultant – Governance, Risk & Control (GRC), Head Office Swindon
* £42,370 - £61,201 a year on a full-time, permanent contract.
* Send in your application by 20th February 2019.
Nationwide’s reputation depends on the trust of our members and the desire of staff to do the right thing. The ever-increasing importance of our members’ data and interactions brings exposure to a growing number of issues and challenges across the organisation, including the threat of a cyber-attack.
As a Security Consultant you will be working in a newly formed, ambitious, well-respected and fast-paced team. You will be responsible for the execution of the information risk assessment methodology and aiding our Communities in the assessment and management of security risks within their business services. You’ll have well-developed interpersonal skills and be able to build and maintain the right relationships within Nationwide Communities and our Security teams. This will ensure that risk assessments are performed on a BAU basis and during the significant changes planned in our Big Investment – all in accordance with recognised industry practices.
As a building society, we’re run for and on behalf of our members. Not shareholders. This means that we reinvest our profits back into products and services to improve our members’ lives. It also allows us to invest in the latest security technology whilst being at the cutting edge of API, Cloud, Agile and DevOps ecosystems.
Who we're looking for
The successful person will have or be able to demonstrate:
* Ability to simplify complex technical subjects into quantitative and qualitative business terminology
* Strong analytical and communication skills with the ability to advise, influence, persuade, prioritise and measure success
* Excellent and proven relationship management and stakeholder management skills, including the ability to provide constructive challenge to all stakeholders
* Demonstrable practical experience in information risk assessment
* Self-motivated with evidenceable experience of embracing and managing security change
* Understanding of the relationship between security, operational resilience and control functions
* Flexible approach to working and embracing new working concepts
* Proven experience of providing, executing and overseeing security risk management methodologies in enterprise environments and advising on associated control requirements
* Strong attention to detail, with excellent analytical skills
* Demonstrable, well-developed written and presentation skills
* CISSP, CISM, CRISC or equivalent experience
It would be nice if you also had:
* Experience of the financial services sector
* Exposure to and knowledge of information assurance procedures
* Practitioner experience of Information and IT security controls
* Public speaking experience
* Knowledge of Cloud Security
* Experience with GRC Technologies and Processes
* Experience with Agile ways of working
What you'll be doing
Working alongside the Security Manager for Information Risk in Security, you will be an influencer in a mindset shift in the department and the wider organisation. You will have accountability for the implementation and execution of the information risk assessment methodology as part of department wide change initiatives.
You will be accountable for:
* supporting and accelerating the development of the information risk assessment toolkit and methodology
* delivering continued enhancement and operation of an appropriate risk management methodology and associated processes
* ensuring appropriate risk management and technical responses are identified and prioritised
* supporting the development and performance of business impact assessments
* ensuring information risk management processes are aligned with the wider organisational risk management approach
* building effective relationships with stakeholders within the Society to establish the team as a trusted advisor in information risk management
* engaging with business communities to help embed and execute information risk assessments for the Society’s information assets
* supporting the maturation of the security governance, risk and controls framework
* managing central risk registers and influencing control improvements.