IT and Cyber Risk Assurance
Gurugram
OakNorth
OakNorth Credit Intelligence Suite transforms commercial lending, giving banks 360° views of borrowers, with deeply granular, forward-looking insight, to improve efficiencies, lower credit risk, and drive profitable growth through economic...
Job Responsibilities
- This role will specifically focus on our risk profile, in the following key areas:
- Risk Assessment (60%): Risk controls are continuously tested and developed as the bank grows, embracing technology and innovation and using evolving industry best practice
- Produce regular risk assessment reports of people, process, and technology systems to identify key gaps and drive process improvement
- Review information security policies and procedures, with support from subject-matter experts, to ensure strategic, regulatory, and operational goals are met.
- Own risk assessment and assurance with respect to third-party suppliers, partners, and mission-critical technologies
- Partner with cross-functional stakeholders to document identified risks, recommend treatment options, and validate technical mitigation
- Threat Intelligence (20%): Be a trusted partner to the business, providing robust, constructive challenge and helpful guidance
- Assess, research, and report on cyber risks relevant to mission-critical banking operations covering people, process and technology such as threat actors, TTPs and IOCs.
- Develop and refine key metrics to measure Cyber Programme maturity against best-practice baselines, security control effectiveness, and excellence of security operations execution
- Where possible, apply risk management approaches to categorise and quantify exposure to evolving threats
- Process Improvement (20%): Apply strong but proportionate risk controls, in partnership with the business, to protect value and to maintain stakeholder confidence
- Coordinate efforts between tactical and assurance-focused teams to execute on high-visibility compliance objectives, including ongoing management of ISO standards and alignment with NIST best practices.
- Directly support OakNorth Bank’s Director of Technology & Cyber Risk to deliver high-quality deliverables and research-based insights to the Chief Risk Officer and Board.
- Review and support virtual security awareness training sessions to drive information security culture and reduce exposure to phishing, social engineering, and end-user attacks.
Desired Skills
- We are looking for experienced risk assessment professionals with a broad security knowledge:
- Good general knowledge of infrastructure and application risks across cloud platforms (e.g., AWS), networks, desktop, servers and mobile.
- Knowledge of security fundamentals, how they apply in real world situations, and how to gauge control effectiveness (e.g., agile development)
- Experience in the practical application of information security technology, operations, and concepts – turning identified risks into actionable tasks.
- Familiarity with technology and security concepts such as configuration hardening, MITRE ATT&CK Framework and vulnerability management
- Familiarity with UK and EU-relevant regulations relating to information security and data privacy, such as GDPR.
- Excellent communication skills, particularly report writing and written communication.
- Ability to translate technical language for a wider audience, and a desire to bridge communication gaps between team members, the team and management, and with the larger security community.
- Ability to translate finished reports from third-party auditors and consultants into actionable risk treatment plans to adequately address findings.
- Relevant degree, and/or 5+ years relevant IT audit, risk, or security experience.
- Ideally, we would like to see evidence of advanced skills in one or more of these areas:
- Specialist knowledge in infrastructure security e.g., EDR, DLP, penetration testing, technical roles
- Working knowledge of AWS cloud security, or similar cloud environments.
- Expertise across various security control standards and risk management frameworks, such as NIST and ISO 2700x Series
- Exposure to ISO or NIST risk management and governance technologies to support complex requirements and automate evidence collection.
- Advanced technical or management degree, with security specialism.
- One or more relevant technical certifications:
- Risk Management e.g., SANS GCCC, SANS GEVA, SANS GSNA, ISACA CISA, ISACA CRISC
- Security Certifications e.g., CISSP, CISM, CEH, ISO27001 Lead Auditor
- Cloud Certifications: AWS, Azure, Google Cloud
- Technical Certificates: Windows, Linux, Networks, Security Products
For more information regarding our Privacy Policy and practices, please visit: https://www.oaknorth.com/privacy-policy
Perks/benefits: Startup environment