IT and Cyber Risk Assurance




The ON Credit Intelligence Suite delivers commercial bank lenders instant credit analysis & real-time portfolio insights as dynamic as the market itself.


Our vision is to promote an open, collaborative, risk-aware culture where proportionate risk management supports long-term sustainable growth. The ‘Technology and Cyber Risk’ team consists of a Director, supported by Risk Analyst(s). The team operates as specialists within a wider second-line Risk team, which includes Operational and Credit risk, reporting to the Chief Risk Officer. We work very closely with our colleagues in the Technology and Information Security teams.

Job Responsibilities

This role will specifically focus on our risk profile, in the following key areas:

  • Risk Assessment (60%): Risk controls are continuously tested and developed as the bank grows, embracing technology and innovation and using evolving industry best practice
      • Produce regular risk assessment reports of people, process, and technology systems to identify key gaps and drive process improvement
      • Review information security policies and procedures, with support from subject-matter experts, to ensure strategic, regulatory, and operational goals are met.
      • Own risk assessment and assurance with respect to third-party suppliers, partners, and mission-critical technologies
      • Partner with cross-functional stakeholders to document identified risks, recommend treatment options, and validate technical mitigation
  • Threat Intelligence (20%): Be a trusted partner to the business, providing robust, constructive challenge and helpful guidance
      • Assess, research, and report on cyber risks relevant to mission-critical banking operations covering people, process and technology, such as threat actors, TTPs and IOCs.
      • Develop and refine key metrics to measure Cyber Programme maturity against best-practice baselines, security control effectiveness, and excellence of security operations execution
      • Where possible, apply risk management approaches to categorise and quantify exposure to evolving threats
  • Process Improvement (20%): Apply strong but proportionate risk controls, in partnership with the business, to protect value and to maintain stakeholder confidence
      • Coordinate efforts between tactical and assurance-focused teams to execute on high-visibility compliance objectives, including ongoing management of ISO standards and alignment with NIST best practices.
      • Directly support OakNorth Bank’s Director of Technology & Cyber Risk to deliver high-quality deliverables and research-based insights to the Chief Risk Officer and Board.
      • Review and support virtual security awareness training sessions to drive information security culture and reduce exposure to phishing, social engineering, and end-user attacks.

Desired Skills

We are looking for experienced risk assessment professionals with a broad security knowledge:

  • Good general knowledge of infrastructure and application risks across cloud platforms (e.g., AWS), networks, desktop, servers and mobile.
  • Knowledge of security fundamentals, how they apply in real world situations, and how to gauge control effectiveness (e.g., agile development)
  • Experience in the practical application of information security technology, operations, and concepts – turning identified risks into actionable tasks.
  • Familiarity with technology and security concepts such as configuration hardening, MITRE ATT&CK Framework and vulnerability management
  • Familiarity with UK and EU-relevant regulations relating to information security and data privacy, such as GDPR.
  • Excellent communication skills, particularly report writing and written communication.
  • Ability to translate technical language for a wider audience, and a desire to bridge communication gaps between team members, the team and management, and with the larger security community.
  • Ability to translate finished reports from third-party auditors and consultants into actionable risk treatment plans to adequately address findings.
  • Relevant degree, and/or 5+ years relevant IT audit, risk, or security experience.

Ideally, we would like to see evidence of advanced skills in one or more of these areas:

  • Specialist knowledge in infrastructure security e.g., EDR, DLP, penetration testing, technical roles
  • Working knowledge of AWS cloud security, or similar cloud environments.
  • Expertise across various security control standards and risk management frameworks, such as NIST and ISO 2700x Series
  • Exposure to ISO or NIST risk management and governance technologies to support complex requirements and automate evidence collection.
  • Advanced technical or management degree, with security specialism.
  • One or more relevant technical certifications:
      • Security Certifications e.g., CISSP, CISM, CEH, ISO27001 Lead Auditor
      • Cloud Certifications: AWS, Azure, Google Cloud
      • Technical Certificates: Windows, Linux, Networks, Security Products

About Us

We’re OakNorth Bank and we embolden entrepreneurs to realise their ambitions, understand their markets, and apply data intelligence to everyday decisions to scale successfully at pace.

Banking should be barrier-free. It’s a belief at our very core, inspired by our entrepreneurial spirit, driven by the unmet financial needs of millions, and delivered by our data-driven tools. And for those who love helping businesses thrive? Our savings accounts help diversify the high street and create new jobs, all while earning savers some of the highest interest on the market.

But we go beyond finance, to empower our people, encourage professional growth and create an environment where everyone can thrive. We strive to create an inclusive and diverse workplace where people can be themselves and succeed.

Our story

OakNorth Bank was built on the foundations of frustrations with old-school banking. In 2005, when our founders tried to get capital for their data analytics company, the computer said ‘no’. Unfortunately, all major banks in the UK were using the same computer – and it was broken.

Why was it so difficult for a profitable business with impressive cashflow, retained clients, and clear commercial success to get a loan?

The industry was backward-looking and too focused on historic financials, rather than future potential. So, what if there was a bank, founded by entrepreneurs, for entrepreneurs? One that offered a dramatically better borrowing experience for businesses? No more what ifs, OakNorth Bank exists.

For more information regarding our Privacy Policy and practices, please visit:

Tags: Agile Analytics Audits AWS Azure Banking CEH CISA CISM CISSP Cloud Compliance CRISC EDR Finance GCP GDPR Governance ISACA ISO 27001 Linux MITRE ATT&CK NIST Pentesting Privacy Risk assessment Risk Assessment Report Risk management SANS Threat intelligence TTPs Vulnerability management Windows

Perks/benefits: Startup environment

Category: Compliance Jobs