Cyber Security Incident Response Team (CSIRT) Lead

At Monzo we’re aiming to build the best bank in the world. We are always keen to hear from capable, creative people who want to help us accomplish that goal. We want our bank to be safe and secure for our customers, so security is very important to us.

Security at Monzo

We are looking for a proactive, technically-minded and organised CSIRT Lead to join our Information Security team in the bank’s 1st line of defence which has the ownership, responsibility and accountability for directly assessing, controlling and managing risk. 

The team is part of Monzo’s Security team which has a wide range of responsibilities, from infrastructure security to application and information security. 

You will be working directly with the engineers who are building our platform (rather than in a stand-alone compliance team.

As a bank, we are solving diverse, novel problems to ensure that our customers and data are secure, you will have the opportunity to make a direct impact on that. 

One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security. 

You will be the CSIRT Lead for Monzo. You will be responsible for all aspects of information security incident response, including:

• Owning, defining and building the end to end information security incident response capability at Monzo.
• Understanding the technical environment at Monzo, the current systems and processes and working through the way information security incidents are currently handled. 
• Understanding and articulating (in a way you define) the current level of maturity of information security incident response at Monzo.
• Outlining the short and long term strategy for information security incident response at Monzo including technology, people and processes required to support your strategy. 
• Owning and operating any technology required to support incident processes at Monzo.
• Making sure that Monzo meets its regulatory requirements regarding information security incident response.
• Being the central point of contact for all information security incident response activities at Monzo. 
• Bringing innovative and cutting edge insights to Monzo on the latest ways to manage and deal with information security incidents.
• Defining and implementing methods to continually measure the level of maturity of information security incident response across Monzo. 
• Work with risk and compliance and across the business to ensure that sufficient controls are in place to mitigate known security risks in this area. 
• Reporting incident status and updates to the relevant governance committees (e.g. Security Council)
• Work with risk and compliance to deliver management information (KRIs) for monthly security risk reporting to the Board and as required.

You should apply if:

• You have a strong background in information security incident response in a commercial environment, preferably a tech company. 
• You are comfortable working autonomously and can build an incident response function from the ground up
• You have previously developed and delivered innovative incident response solutions throughout a commercial environment; 
• You have experience of dealing with stakeholders at all levels of the organisation;
• You are an excellent communicator, both verbally and in writing;

Logistics

• This can be based in our new London office or remote.

Equal Opportunity Statement

At Monzo, embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone.

We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.