Security & Resilience Manager
Security & Resilience Manager
- Location(s): UK Wide
- Salary: Competitive
- Contract Type: Permanent
- Ref: R00TR00960
- Closing Date: 09 December 2021
- We're happy to consider flexible working approaches for this role
Nationwide’s reputation depends on the trust of our members and the desire of staff to do the right thing. The ever-increasing importance of our member’s data and interactions bring exposure to a growing number of issues and challenges across the organisation, including the threat of a cyber-attack.
As a Security Manager you will be working in a newly formed, ambitious, well-respected and fast paced team. You will be responsible for the execution of the information risk assessment methodology, manging and reporting on critical controls, providing supportive oversight of control deviations, managing the policy and standards suite, and aiding our Communities in the assessment and management of security related risks within their business services. You’ll have proven well developed interpersonal skills and be able to build and maintain positive working relationships within Nationwide Missions and our Security & Resilience teams.
Your success isn’t based on how long you spend at your desk. You’ll have contracted hours, but we’re always happy to support flexible working wherever we can. That might mean working from home or different Nationwide offices or agreeing a working pattern to help you balance work and life. We will always strive to find a way that works for everyone.
What you’ll be doing
Reporting to the Head of Security & Resilience Centre of Excellence, you will be an influencer in a mindset shift in the department and the wider organisation. You will have responsibility for the implementation of security standards and operation of the Security Risk Management Framework as part of department wide change initiatives.
You will be accountable for:
- Maintaining and uplifting GRC tooling.
- Embedding the Security Risk Management Framework.
- Maintaining and building team member skills to support operational GRC capabilities.
- Conducting annual Scenario Analysis.
- Provision of ISMS and control reporting to support formal governance committees.
- Maintenance of control reporting measures.
- Maintenance of the cyber security Threat Assessment
- Execution of regular risk assessments.
- Providing SME experience in control workshops to obtain a detailed understanding of the control position against the Information Security Policy and Control Standards.
- Supporting embedding of federated security risk and control ownership.
- Supporting the increase of security risk, business processes, control procedures and technical control understanding
- Delivering continued enhancement and operation of an appropriate risk management methodology and associated processes, including the increased use of GRC tooling.
- Supporting the maturation of the security governance, risk and controls framework.
- Building key working relationships with colleagues in the department and across other key control operating business areas e.g. IT. In doing so, become a ‘go to subject matter expert’ in the delivery of security services.
- Working alongside the Compliance function as part of continuous improvement, bringing together the view of compliance alongside the view of residual risk.
The suitable person will have a track record of strong security consultancy and management experience and will be able to demonstrate:
- Strong written and verbal communication skills.
- Proven experience of authoring and maintaining security policies and standards.
- Proven experience of supporting technical and business stakeholders during the adoption of security standards requirements.
- Strong understanding of and contribution towards Information Security Management Systems (ISMS).
- Proven experience of line management and capability development.
- Proven experience in the use of GRC tooling.
- Ability to simplify complex technical subjects into quantitative and qualitative business terminology
- Strong analytical and communication skills with the ability to advise, influence, persuade and prioritise and measure success.
- Excellent and proven relationship management and stakeholder management skills, including the ability to provide constructively challenge to all stakeholders.
- Practical experience in information risk assessment delivery.
- Self-motivated with evidencable experience of embracing and managing security change.
- Understanding of the relationship between security, operational resilience and control functions.
- Proven experience of providing, executing and overseeing security related risk management methodologies in enterprise environments and advising on associated control requirements
- CISSP, CISM, CCSP certification or equivalent experience.
- Experience of the financial services sector
- Practitioner experience of Information and IT security controls
- Experience with AGILE ways of working
- Experience of Cloud Assurance
We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.
The extras you’ll get
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Access to an annual performance related bonus
- Access to training to help you develop and progress your career
- 25 days holiday pro rata
Why work at Nationwide
We’re a building society founded by ordinary people, our members, who came together to help each other get the most from their money, buy homes and save for their futures.
For over 130 years, we’ve supported each other and our communities, and we’ve done the right thing for wider society too. If you come to work here at Nationwide, you’ll be part of that. Part of something a bit different. And something really quite special.
What’s more, we have a strong ethic of care for each other and our members. We recognise that our employees feel most appreciated when their thoughts and values are respected and considered.
We’re committed to creating a culture that recognises and truly values our individual differences and identities.
So, if you’d like to be a part of an inclusive workplace where you can be yourself, where your talents are nurtured, and you feel empowered to contribute, then please apply and help us in building society, nationwide.
What to do next
What to do next If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up to date CV and answer a few quick questions for us.
We respond to everyone, so we will be in contact shortly after the closing date to let you know the outcome of your application.