Information Security Risk Analyst

London, England, United Kingdom

Starling Bank

Transform the way you manage your money with Starling Bank. Enjoy personal and business banking online and at your fingertips, always. Apply in minutes.

Hello, we’re Starling. We built a new kind of bank because we knew technology had the power to help people save, spend and manage their money in a new and transformative way. We’re a fully licensed UK bank with the culture and spirit of a fast-moving, disruptive tech company.

We’re a bank, but better: fairer, easier to use and designed to demystify money for everyone. Since our launch in 2014, we’ve opened over three million accounts and we've been voted Best Current Account Provider five years in a row. We employ more than 2,300 people across our London, Southampton and Cardiff offices and will open our Manchester office in 2023.

The Information Security Risk Analyst role sits within the Risk department in the second line of defence. The Risk department is responsible for developing the risk management framework for the business, challenging activities and reports from the first line and monitoring and reporting on risks and controls to the relevant committees, ensuring that the first line continues to operate within the risk appetite and tolerances that have been set.

Role Purpose

  • The Information Security Risk Analyst will support and report directly into the Head of Information Security Risk but will have exposure across the Bank to the management of Starling’s information security risks.
  • The role holder will perform assurance of the information security and resilience of Starling Bank, our technology, people and processes.

Key Responsibilities

  • Provide technical oversight of information security, ensuring risks are identified, managed and escalated appropriately.
  • Assure the resilience and security of Starling Bank’s technology operation using all techniques, from inspection and interview to direct testing and scripted checks.
  • Provide sound evaluation of issues, incidents and vulnerabilities and experienced technology opinion to the risk department as a whole.
  • Challenge potential flaws or vulnerabilities in process, architecture or code, both directly with first line staff and indirectly via review process.
  • Work with first line to improve controls and risk management in line with strategic objectives, regulatory requirements and the evolving threat landscape.
  • Establish strong relationships with our engineers, security team, and leadership.

Requirements

You will have the ability to apply a risk-based approach to challenge the first line across security domains, and have practical expertise in several of the following areas:

  • Awareness of the technology-related risks a bank may face. Ideally including hands-on experience of technology in a fintech or a tech-focused organisation.
  • Experience of managing the regulatory and compliance challenges in financial services or another heavily regulated sector.
  • Security in a cloud environment (AWS, GCP), working with containerisation, microservices, serverless and infrastructure-as-code.
  • Ability to determine how to test hypotheses and make sensible cost and benefit trade-offs in determining what tests and resulting changes are warranted.
  • Engaging directly with engineers, reviewing and testing source code and performing manual or automated application security testing effectively as part of CI/CD pipelines.
  • Programming skills including but not limited to Java, Python, SQL, Kotlin and Swift.
  • Security logging, monitoring and alerting, including configuration and review of detection rules.
  • Ability to understand and evaluate findings from penetration testing, bug bounties and responsible disclosure programmes from an assurance perspective.
  • Familiarity with vulnerability and configuration scanning tools, and auditing patch management.
  • Good interpersonal skills with the ability to challenge in a positive manner and handle difficult situations.
  • Be self-motivated, enjoy problem solving and want to continue to learn and develop.

Benefits

  • 25 days holiday (plus take your public holiday allowance whenever works best for you)
  • An extra day’s holiday for your birthday
  • Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
  • 16 hours paid volunteering time a year
  • Salary sacrifice, company enhanced pension scheme
  • Life insurance at 4x your salary
  • Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
  • Generous family-friendly policies
  • Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
  • Access to initiatives like Cycle to Work and Salary Sacrificed Gym partnerships

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can’t accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren’t sure if you're 100% there yet, get in touch anyway.

We’re on a mission to radically reshape banking – and that starts with our brilliant team. Whatever came before, we’re proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling Bank is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over our use of your personal information.

Tags: Application security Audits AWS Banking Cloud Compliance FinTech GCP Java Kotlin Microservices Monitoring Pentesting Privacy Python Risk management RMF SQL Vulnerabilities

Perks/benefits: Fitness / gym Flex hours Flex vacation Health care Home office stipend Insurance Medical leave Wellness

Region: Europe
Country: United Kingdom