Cyber Security Associate

A leading Financial Regulator is on the look out for a Cyber Risk Specialist to join their Cyber Specialists Team.

The Cyber Specialists Team sits within the Specialists Supervision Division. The team is a centre of expertise within the business and is responsible for developing and implementing strategy on cyber to increase the resilience of firms and markets to cyber threats. It provides specialist support to supervisors and various other teams across the business with cyber risk and resilience expertise.

The team interfaces regularly with a number of other regulatory bodies in the UK such as the Bank of England, the PRA, Her Majesty’s Treasury, The National Cyber Security Centre (NCSC) and other UK government agencies, as well as pan European and global regulatory bodies on a range of cyber resilience supervisory topics.

This role supports delivery of strategy throughout the business through delivery of a challenging and varied portfolio of work, covering all financial services sectors. The job is an ideal position to demonstrate your specialist expertise in Cyber Risk management, and to leverage this expertise to support the business' objectives.

More specifically, you will:

  • Lead or support firm reviews (either desk and / or visits based) to provide supervisors with a forward looking judgement based assessment, supported by the facts, on whether or not a firm's cyber resilience arrangements provide sufficient comfort in the specific area under review and, where this is not the case, recommend action points. These visits may be tied into the firm’s cyber risk assessment process, or be ad hoc requests originating from an adverse event or a newly raised concern;
  • Support the supervision teams in responding to and assessing firms responses to crystallised cyber risks;
  • Lead or support cyber and information security related thematic work;
  • Provide subject matter expertise and act as a point of reference for colleagues both inside and outside the team;
  • You may also lead or support the team in one or more of assessment framework, stakeholder management, project management, communications and incident management activities.
What do you need?
  • Experience of assessing cyber risk and resilience capabilities;
  • Broad experience across all cyber risk management domains (strategy; governance and risk management; protection, detection, response, recovery and resumption of services; situational awareness; testing);
  • Strong written and verbal communication skills;
  • Detailed knowledge of leading practice cyber standards and guidance, such as 10 Steps to Cyber Security, the NIST framework and the CIS 20 critical security controls;
  • An industry recognised qualification e.g. QiCA, CISA, CISM, CISSP etc.
  • Strong interpersonal skills with evidence of team working and confidence, credibility and ability to interact effectively with a range of stakeholders including senior executives at firms;
  • Strong analytical capability and judgement to assess risk to the business objectives and identify effective mitigation strategies;
  • Can demonstrate taking pride in work and ensuring it is of the highest standard;
  • Strong oral communication skills including clear and effective presentation to both internal and external audiences;
  • Experience of project management including developing and delivering against plans, managing risks and issues along the way.
  • Experience of assessing cyber risk and resilience across a number of sectors regulated by the business and its impact on business objectives;
  • Understanding of global regulatory landscape for cyber risk.