Security Consultant: Risk, Controls & Compliance
- Location(s): UK Wide
- Salary: Competitive
- Contract Type: Permanent
- Ref: R00TR00330
- Closing Date: 02 July 2021
- We're happy to consider flexible working approaches for this role
Nationwide’s reputation depends on the trust of our members and the desire of staff to do the right thing. The ever-increasing importance of our members’ data and interactions brings exposure to a growing number of issues and challenges across the organisation, including the threat of a cyber-attack.
As a Security Consultant you will be working in a newly formed, ambitious, well-respected and fast-paced team responsible for delivering security control and risk management maturity across Nationwide Building Society. You’ll have well-developed interpersonal skills and be able to build and maintain the right relationships within Nationwide Communities and our Security & Resilience teams. This will ensure that risk assessments are performed and management is owned by business owners – all in accordance with recognised industry practices.
As a building society, we’re run for and on behalf of our members. Not shareholders. This means that we reinvest our profits back into products and services to improve our members’ lives. It also allows us to invest in the latest security technology whilst being at the cutting edge of API, Cloud, Agile and DevOps ecosystems.
At Nationwide we openly put our 15 million members at the centre of every decision we make as a business. Every role, no matter what it’s doing, is member focused.
What you’ll be doing
Working alongside the Security Manager for Frameworks and Insight team in Security & Resilience, you will be an influencer in a mindset shift in the department and the wider organisation. You will have accountability for the implementation and execution of the information risk assessment methodology as part of department wide change initiatives.
You will be a key member of the team in:
- providing SME experience in control workshops to obtain a detailed understanding of the control position against the Information Security Policy and Control Standards.
- supporting embedding of a federated security risk and control ownership, including oversight of remediation activities
- supporting the increase of security risk, business processes, control procedures and technical control understanding
- delivering continued enhancement and operation of an appropriate risk management methodology and associated processes, including the increased use of GRC tooling
- supporting the maturation of the security governance, risk and controls framework.
- providing oversight reporting and escalation of control issue themes to senior risk committees to facilitate risk-based decision making on prioritised control improvement.
- building key working relationships with colleagues in the department and across other key control operating business areas e.g. IT. In doing so, become a ‘go to subject matter expert’ in the delivery of security services.
- working alongside the Compliance function as part of continuous improvement, bringing together the view of compliance alongside the view of residual risk.
- Ability to simplify complex technical subjects into quantitative and qualitative business terminology
- Strong analytical and communication skills with the ability to advise, influence, persuade, prioritise and measure success
- Excellent and proven relationship management and stakeholder management skills, including the ability to provide constructive challenge to all stakeholders
- Demonstrable practical experience of defining and maintaining security control requirements through the Security Policies, Directives and Standards.
- Self-motivated with evidenceable experience of embracing and managing security change
- Understanding of the relationship between security, operational resilience and control functions
- Flexible approach to working and embracing new working concepts
- Proven experience of providing, executing and overseeing security related risk management methodologies in enterprise environments and advising on associated control requirements
- Demonstrable well-developed written and presentation skills
- CISSP, CISM, CRISC qualification or equivalent experience
- Experience of the financial services sector
- Experience of using/implementing ISO27001/2
- Experience of using and continuously improving GRC processes and technologies
- Practitioner experience of Information and IT security controls
- Exposure to and knowledge of information assurance procedures
- Public speaking experience
- Experience with AGILE ways of working
- Experience of Cloud Assurance
We’re also interested in who you are as a person. Why? Because our membership is made up of so many different kinds of people, so we want our employees to be just as diverse. We’d love to hear about:
- Your values, and what makes you who you are
- How you’d make a difference to our members in this role
We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.
The extras you’ll get
Our people’s success isn’t based on how long they spend at their desk. While you’ll have contracted hours, we want to offer a flexible environment where possible. That might be working from home, logging on from other offices across the UK, or working part time or compressed hours.
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Access to an annual performance related bonus
- Access to training to help you develop and progress your career
- 25 days holiday
Why work at Nationwide
We’re a building society founded by ordinary people, our members, who came together to help each other get the most from their money, buy homes and save for their futures. For over 130 years, we’ve supported each other and our communities, and we’ve done the right thing for wider society too.
If you come to work here at Nationwide, you’ll be part of that. Part of something a bit different. And something really quite special.
What’s more, we have a strong ethic of care for each other and our members. We recognise that our employees feel most appreciated when their thoughts and values are respected and considered. We’re committed to creating a culture that recognises and truly values our individual differences and identities. So if you’d like to be a part of an inclusive workplace where you can be yourself, where your talents are nurtured, and you feel empowered to contribute, then please apply and help us in building society, nationwide.
What to do next
If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up-to-date CV and answer a few quick questions for us.
We respond to everyone, so we will be in contact shortly after the closing date to let you know the outcome of your application.