Director, Technology and Cyber risk

London

Applications have closed

OakNorth

OakNorth Credit Intelligence Suite transforms commercial lending, giving banks 360° views of borrowers, with deeply granular, forward-looking insight, to improve efficiencies, lower credit risk, and drive profitable growth through economic...


Reports to: Chief Risk Officer

Outcomes

You are responsible for providing independent, effective, and proportionate ‘second line’ assurance of the design and operation of the Bank’s IT platform, and the adequacy and effectiveness of the framework of controls and defences, in order to ensure both its resilience and the adequacy of its cyber defences. You will be responsible for delivery of the related V2MOMs.

Activities

This is a key senior leadership role in the ‘second line of defence’ of the Bank which exists to deliver vital outcomes in the following areas:

1. To assure IT strategy and its implementation

· Provide guidance and advice on the Bank’s IT Strategy and IT Architecture, and review it from a ‘second line’ assurance perspective, in order to support the CTO, CISO, the Director Cybersecurity, and the Director IT Operations in the ‘first line’ who lead its development. The objective is to ensure its resilience, using up-to-date best practice
· Provide assurance over design compliance with relevant standards, including NIST and (in due course) ISO27001
· Review governance, policies, procedures, systems, tools and controls for IT operations and cyber security, to ensure their adequacy and effectiveness in protecting the Bank’s infrastructure and its data security
· Assure new products, tools and systems at design and implementation stage as they are developed by the ‘first line’ business
· Maintain an independent assessment of the Bank’s overall maturity and status against the NIST and CQUEST frameworks, and report regularly to senior management
· Educate and inform the Bank’s Board and EXCO on IT resilience and cyber risk, and promote a team effort on cyber defence across the whole Bank through advice and influence

2. Identify and protect

· Provide an independent view of existing and emerging threats and risks to the Bank, and overview the adequacy of cyber threat intelligence activity. Liaise with industry bodies as appropriate to undertake this.
· Manage an on-going programme of ‘second line’ assurance of IT resilience and cyber security, including independently monitoring and analysing data / MI on IT operations and cyber activity, and the progress of new projects
· Undertake thematic reviews of key aspects of the Bank’s infrastructure and controls in a regular cycle
· Provide assurance of the management control framework, including management of both BAU activities / maintenance, and change management / the introduction of new systems, tools and processes. This will include oversight and assurance of regular testing (such as Pen Testing) and the pre-launch testing of new systems, tools and processes. It will also include assurance of controls over Outsourced Service Providers, including the Security Operations Centre service
· Ensure the maintenance of standards and compliance with frameworks including NIST and (in due course) ISO27001
· Review and risk assess new systems, processes and change projects at the design stage in close liaison with the ‘first line’, providing a ‘second line’ review, and later provide an assurance review at the go-live stage
· Deliver independent reports on IT operations and cyber defences to ISMS, ERC, and Board on a monthly and quarterly cycle

3. Respond and recover

· Oversee incident response planning and recovery arrangements from a ‘second line’ perspective, in order to protect the Bank’s IT and data assets and the ability to restore operations. Ensure that back-up and recovery plans are adequate, and are tested regularly including a full review of the output
· Jointly lead with the CTO on the response to any breaches or Events
· Investigate after breaches or Events and make recommendations for avoiding similar vulnerabilities

Competencies

· Energy, pace, and strong work ethic. Able to effectively manage and prioritise a substantial workload (‘Momentum’)
· Commitment to excellence (‘10x’)
· Ability to partner with stakeholders in different parts of the business (‘OneTeam’)
· Strong written and verbal communication skills; able to present technical issues effectively to senior management
· Analytical skills, able to analyse complex issues in a methodical and structured way with appropriate attention to detail.
· Logical thinking, ability to get to the simplest answer as opposed to a convoluted one, and an approach to risk management which is proportionate (‘Challenge & Simplify’)
· Confidence to be able to challenge the ‘first line’ business and to apply influencing skills, and to hold fast to risk principles and standards. To do so firmly but not aggressively to achieve a good, co-operative working relationship (‘Trusted Partner’)

Job-Specific

· Several years ‘hands on’ experience in cybersecurity, some of which is in the financial services industry in a bank or consultancy;
· University degree (computer science or cybersecurity degree is an advantage, but applicants with degrees in other disciplines are welcome to apply);
· Solid experience in security monitoring or audit as well as international exposure is an advantage;
· Proven knowledge and expertise in business fields such as cybersecurity and IT risk; audit and compliance, with a broad strategic vision across the IT architecture and cyber security landscape
· Knowledge of threat analysis
· Knowledge of the latest technologies and practices, and of current best practice in IT architecture design, cybersecurity, and data protection
· Knowledge of IT and cybersecurity standards and frameworks including NIST and ISO27001

Benefits and Perks:
· Equity. We want people to have a stake in the business so that all our interests are aligned. It’s your baby too
· 25 days holiday – and we really want you to take it. Burnout is not big or clever
· Personalised benefits – opt-in to what matters to you
· Enhanced family leave
· Wellbeing and social events
· Barista bar in the London office

About Us

We’re OakNorth Bank and we embolden entrepreneurs to realise their ambitions, understand their markets, and apply data intelligence to everyday decisions to scale successfully at pace.

Banking should be barrier-free. It’s a belief at our very core, inspired by our entrepreneurial spirit, driven by the unmet financial needs of millions, and delivered by our data-driven tools. And for those who love helping businesses thrive? Our savings accounts help diversify the high street and create new jobs, all while earning savers some of the highest interest on the market.

But we go beyond finance, to empower our people, encourage professional growth and create an environment where everyone can thrive. We strive to create an inclusive and diverse workplace where people can be themselves and succeed.

Our story

OakNorth Bank was built on the foundations of frustrations with old-school banking. In 2005, when our founders tried to get capital for their data analytics company, the computer said ‘no’. Unfortunately, all major banks in the UK were using the same computer – and it was broken.

Why was it so difficult for a profitable business with impressive cashflow, retained clients, and clear commercial success to get a loan?

The industry was backward-looking and too focused on historic financials, rather than future potential. So, what if there was a bank, founded by entrepreneurs, for entrepreneurs? One that offered a dramatically better borrowing experience for businesses? No more what ifs, OakNorth Bank exists.

For more information regarding our Privacy Policy and practices, please visit: https://www.oaknorth.com/privacy-policy

Tags: Analytics Banking Compliance Computer Science Finance Governance Incident response ISMS ISO 27001 Monitoring NIST Pentesting Privacy Risk management Strategy Threat intelligence Vulnerabilities

Perks/benefits: Startup environment Team events

Region: Europe
Country: United Kingdom