Information Security Manager

Key Responsibilities

To lead, create, maintain and undertake regular review of Information Security Management Framework and IT Security policies, standards, and procedures whilst ensuring alignment with the Information Security strategy and relevant best practices such as NIST Cyber Security Framework and ISO 27001.

Ensure that the Information Security Management Framework is applied and used by the Bank and its subsidiaries.  Act as a facilitator to ensure the smooth running of the Framework.

Monitor, enable, and enforce compliance with regulatory and legal expectations (including DPA) and taking into account widely accepted standards, such as NIST CSF, ISO 27000, COBIT and Information Security elements of product and process standards such as for BACS, CHAPS, Faster Payments and PCI DSS.

Manage a risk based approach to Information Security by developing and delivering effective technical and non-technical controls to mitigate Cyber Security risks effectively, proportionately and align with risk governance at Secure Trust Bank.

Produce and oversee reports, metrics and management information on the development and implementation of the Information Security Management Framework, Policies, and Standards for governance committees including Board Risk Committee, and Executive Committee.

Oversee the arrangement, management, risk remediation, monitoring, and reporting from penetration tests, vulnerability scans, and relevant audits at STBG.  

Manage elements of live Cyber Security incidents, providing effective and timely advice and coordination in collaboration with suppliers, internal teams, and other external stakeholders, and to improve existing Group Cyber Incident Response Procedure and Business Continuity Plans (BCP) where applicable.

To obtain and act upon vulnerability and threat information, including cyber threat intelligence, the STBG Security Information & Event Management solution (SIEM) and the Security Operations Centre (SOC), to conduct cyber security risk assessments for NBS.

Develop and implement, together with suitable materials, an information security awareness and training programme and measure effectiveness across technical and non technical teams.

Proficient in industry standards and methodologies associated with information security, including NIST Cyber Security Framework, ISO27001/2, COBIT, PCI DSS

Experience working within a highly regulated industry essential - preferable FS (FCA, PRA)

IT and Information Security, including in-depth understanding of associated technologies and architectures which includes:

• Vulnerability & Patch management
• Virus Scan Tools and Technologies
• Microsoft operating systems
• Network Security
• Network penetration testing
• Firewalls, IPS and VPN’s
• Mobile Device Management and Security
• Access Management, Monitoring and Auditing Tools
• Network Monitoring and Management Tools
• Identity & Access Management
• Database Security
• Business Applications Security
• Cloud Security

Everyone is different. Everyone is valued

As part of our vision to become the most trusted specialist lender in the UK, we’ve been helping customers and businesses fulfil their ambitions since 1952.  In that time, we’ve learned that we’re more than the sum of our parts. We’re a strong Group because of our people and our strengths; specialist, expert, ambitious and also diverse. All of our people are different and this is something we celebrate.

Every one of our employees brings unique talent, ability and perspective to their role.

That’s why Secure Trust Bank Group nurtures differences. We understand that we perform better because we’re not cast from the same mould. We actively embrace and support diversity, work with leading industry bodies and promote initiatives that reinforce our philosophy of giving you the freedom to be who you are.

We’re an award-winning bank providing savings accounts and lending services to over one million customers. We’re Secure Trust Bank Group. We embrace difference.