Overview

The Assistant Manager Information Security will play a critical role in safeguarding the bank's information assets, infrastructure, and customer data against evolving cyber threats. This role is responsible for driving and managing information security operations, ensuring continuous monitoring, identification, and timely remediation of security vulnerabilities to uphold a resilient security posture, and provide management with up-to-date reports on the bank's security posture. The role also supports compliance with UK regulatory requirements, industry standards, and best practices, and contributes to the development and enhancement of security frameworks, policies, and controls. The role includes knowledge of security infrastructure, including AWS cloud environments, to ensure cyber resilience and protect against risks while fostering a culture of sound security across the organization.

Responsibilities

• Strategic Responsibilities
• Provide proactive security oversight and assurance for new initiatives and ongoing projects, ensuring that information security and regulatory requirements are embedded from design through implementation
• Collaborate with senior stakeholders, regulators, and external partners to align on security standards, communicate risks, and deliver solutions that balance business objectives with compliance obligations
• Actively participate in governance forums and internal committees, presenting emerging risks, security trends, and strategic recommendations to strengthen resilience and maintain the bank's security posture
• Advise on regulatory compliance requirements, data protection obligations, and breach notification processes, ensuring the bank meets FCA, PRA, PSR, and other applicable regulatory expectations

• Operational Responsibilities
• Lead and conduct comprehensive information security risk assessments to identify, evaluate, and prioritize threats, ensuring effective controls are implemented and maintained
• Establish, document, and enforce security controls that safeguard information flows across internal systems, third parties, and public networks
• Develop, maintain, and execute incident response and crisis management procedures, ensuring swift and effective mitigation of security events while minimizing business disruption
• Monitor security operations to identify anomalies, investigate incidents, and coordinate timely remediation with internal teams and external providers
• Keep up-to-date with evolving threat intelligence, security breaches, and industry developments, recommending proactive remediation measures and best practices to protect the bank's systems and data

• Assurance & Compliance Responsibilities
• Partner with auditors, regulators, and payment schemes by preparing evidence, delivering subject matter expertise, and supporting internal and external audits, certifications, and reviews
• Evaluate and enhance the effectiveness of the bank's information security policies, procedures, and controls, driving continuous improvement and compliance with internal standards and regulatory frameworks
• Support management reporting by providing timely, accurate, and risk-focused updates on security posture, incidents, and compliance activities

• General
• Be the primary point of contact for all information security alerts and breaches within the bank and coordinate responses via incident management protocols
• Daily administrative tasks, reporting, and communication with the relevant departments in the organization
• Maintain security records and documents of controls, security dashboards and reports
• Assist in conducting reviews and assessments to identify and report potential vulnerabilities, weaknesses and threats
• Implement, manage and monitor security controls to protect the bank's data, systems and network
• Ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls

• Conduct Rules
• CONDUCT RULE 1: You must act with integrity
• CONDUCT RULE 2: You must act with due skill, care and diligence
• CONDUCT RULE 3: You must be open and cooperative with the FCA, the PRA and other regulators
• CONDUCT RULE 4: You must pay due regard to the interests of customers and treat them fairly
• CONDUCT RULE 5: You must observe proper standards of market conduct

• Education & Training
• Bachelor's degree in Information / Cyber Security; equivalent professional experience may be considered
• Relevant and specialized certifications in cybersecurity and information security. Technology-centric training and certification is an advantage

• Experience And Skills
• 3+ years of proven experience in information security management, covering risk management, incident response, threat intelligence, and cyber security solutions
• Strong knowledge of security technologies and controls (e.g., firewalls/WAF, SIEM, anti-malware, mobile application security, IAM/PAM) with exposure to cloud security (AWS)
• Experience conducting vulnerability assessments, penetration testing, and security evaluations, with the ability to analyse events and deliver effective remediation
• Solid understanding of the cyber threat landscape, incident/breach management, and industry frameworks such as ISO27001, NIST CSF, PCI-DSS
• Excellent analytical, communication, and stakeholder engagement skills, with the ability to influence decision-making across technical and non-technical teams
• Committed to continuous learning, keeping up-to-date with evolving threats, technologies, and regulatory requirements

• Benefits
• 25 days annual leave entitlement plus 8 bank holidays
• Pension scheme, 4% employer contribution
• Private Medical Insurance
• Hybrid working after successful probation period
• Training and development
• Free gym access in the building

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Other

Industries

IT Services and IT Consulting