Information Security Assurance Lead
Salary: National £57,600 to £81,000; London £63,300 to £90,000
Are you interested in influencing the strategic direction of cyber security and information resilience?
The team/department
Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. 'Cyber security' means the protection of the FCA's data and systems from malicious activity, including theft, damage and disruption, so that the FCA can deliver its key business functions. C&IR is now part of a newly formed Directorate led by our CISO, Director of the Cyber & Operational Resilience Division.
The role is based in the Operational Assurance team, which leads the FCA and PSR cyber assurance activities, working to determine that appropriate cyber governance and control measures are in place.
The team conducts thorough reviews, analysis and testing to confirm the appropriate application (whether through technology, process or behaviour) of the policies, and the secure operation of the FCA/PSR's systems and the information and data held on them.
What you will be doing (the role)
Assist the Operational Assurance Manager in developing the cyber assurance strategy, defining goals that align with the C&IR strategy and framework
Oversee and monitor C&IR's security strategy, implement preventive measures to protect sensitive data, and ensure compliance with regulation
Manage the end-to-end delivery of key workstreams, mainly third-party risk assessment, post-incident review, threat and vulnerability assessments, security assessment (red teaming) and penetration testing
Enhance third-party cyber risk monitoring (using a tool) and service-driven assessments with analytical, qualitative and quantitative methods, simplifying processes amid cloud vendor changes and evolving cyber security needs
Ensure adequate monitoring capabilities for the FCA/PSR supply chain are delivered via the new tooling, aligned to cyber risk metrics (and the Cyber Risk Management Framework) and key risk indicators
Assure and report on cyber threats and security vulnerabilities that affect supply chain performance, implementing security-by-design capabilities and compliance automation
Guide and manage an operational team with technical expertise, fostering Agile practices to build a high-performing, cross-functional team
What you will get from the role
Experience of acting as a mentor to a multi-disciplinary team that is strategically important to the mission of the FCA
Influence the strategic direction of cyber security and information resilience
Act as a subject matter expert for various steering groups, forums and projects supporting the Operational Assurance Manager
Our competitive flexible benefits scheme gives you the opportunity to create a personalised benefits package, tailored to suit your lifestyle. You can use this allowance to purchase additional benefits such as dental cover or the Cycle to Work scheme, or you have the option to top up your base salary by taking the allowance as cash.
Core benefits that you will receive as standard are:
25 days holiday per year plus bank holidays
Private healthcare with Bupa
A non-contributory Pension of at least 8% of basic salary each month (there are several contribution levels that increase depending on your age – up to 12% a month once you reach age 35)
Life assurance of eight times your basic salary
Income protection
We support hybrid working which means you will be able to work from home up to 60% of the time over a month with the remainder of your time in one of our three office locations.
The skills and experience you will have
Minimum
We are a signatory to the Government’s Disability Confident scheme. This means that we will offer an interview to disabled candidates entering under the scheme, should they meet the minimum criteria for a role.
Proven experience of managing security or assurance teams, and operating Information Security/Assurance Frameworks and Services
Prior experience in translating technical issues and presenting to leadership teams in security reporting
Experience of risk management practices and their application in a global organisation
Essential
Experience of a hands-on role involving pen testing, 3rd party security assessment and vulnerability assessment activities of complex suppliers, applications and operating systems
Strong hands-on involvement in the delivery and execution of more than one of the areas listed in the job description key responsibilities
Strong working knowledge of the NIST SP 800 series, OWASP, ISO/IEC 27001 and data protection
Ability to plan strategically and to arrange and consolidate resources in order to deliver assurance services that achieve C&IR assurance goals
A technical qualification/professional certification in Information Security & Privacy
Stakeholder management experience at all levels
Solid experience working with external and internal auditors in the provision of evidence and the remediation of findings
Current understanding of industry trends and emerging threats
About the FCA
The FCA regulates the conduct of nearly 45,000 firms in the UK to ensure our financial markets are honest, fair and competitive. We do this to make sure markets work well for individuals, businesses and the economy as a whole. For more information on what we do, our three-year strategy can be found here.
The FCA's Values & Diversity
Our ambition is to cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation, and delivers better regulation.
The FCA is committed to achieving greater diversity across all levels of the organisation. Given this, we particularly welcome applications from women, disabled and minority ethnic candidates for our lead associate role.
Flexible working
We welcome applications from candidates who are looking for flexible arrangements. Many of our staff work flexibly including working part-time, staggered hours, and job shares. We can’t promise to give you exactly what you want but we won’t judge you for asking.
Multi-location
As part of the FCA’s on-going commitment to develop our national presence, most of our vacancies are now open to working in our Edinburgh, Leeds, or London offices. This means that as part of the application process you will be able to select your preference of which office location you would like to work from.
Useful information
Applications for this role close at 23:59 on 13th October 2024
This role is graded as Lead Associate – Regulatory
Got a question?
If you are interested in learning more about the role please contact:
For internal applicants, please contact Sara Holland at [email protected]
For external applicants, please contact Asha Gladis at [email protected]
What to expect from our interview process
The assessment process consists of an initial screening call with the hiring manager. If successful, you will be invited to attend a first stage competency-based interview. The final stage will be technical based with a scenario-based question.
Application support
We want to remove any possible barriers and are committed to providing a wide range of reasonable adjustments so that you can keep the focus on your conversations and be at your best.
If you have an accessibility requirement, disability, or condition that means you might require changes to the recruitment process, please contact your recruiter to discuss this further. Our aim is to make your application as easy and comfortable as possible, and your recruiter will be happy to work with you to make any necessary arrangements where possible.
Security Clearance/Vetting
The successful candidate will hold or will be required to obtain Security Clearance (SC) level vetting.
Please note that all applications must be submitted through our online portal, applications sent via email will not be accepted.
Working inclusively
We work best when we work together. We encourage our people to contribute fully and feel valued, to be innovative and creative by collaborating in an inclusive culture.
We're also committed to reflecting the diverse lived experiences of the communities we work in and the consumers we protect. We have a strategy to achieve a more diverse and inclusive workplace that is free from discrimination. This includes increasing the representation of women in our senior team to 50% and minority ethnic colleagues to 25% by 2025 – representative of the UK population.
We were recently voted 'Employer of the year' at the Women in Finance awards and our commitment to LGBT+ inclusion means we're recognised as a Stonewall Top 100 employer.
Flexible Working
We believe that giving our people greater flexibility fosters an inclusive culture and a healthy work-life balance.
We currently operate a hybrid working model, working up to 40% in the office each month (50% for senior leaders). This way of working applies in our Stratford, Leeds and Edinburgh offices.
We also offer career and family leave provisions, generous annual leave so you can take time off when you need or want to, and a range of other benefits.
Programme for parents returning to work after Parental Leave? We don't have a formal programme, but we have hired several Returners through the assisted hiring route (working with Women Returners)
Leadership development programmes? Yes – we are launching a female progression programme
Mentoring programmes? Yes
Coaching programmes? No
Employee-led diversity networks? Yes
Internal women's networking groups? No
Open to discussing flexible work arrangements at interview stage? Yes
No. of weeks paid maternity leave at full salary: 52
Minimum weeks tenure required to be eligible for paid maternity leave:
No. of weeks paid paternity leave at full salary:
Minimum tenure required to be eligible for paid paternity leave:
Gender pay gap reporting information (2023) (UK):
Average pay gap: 13.1%
Median pay gap: 14.3%
Average bonus gap: 15.2%
Median bonus gap: 19%
Signatory of the UK Women in Finance Charter? Yes
Targets to raise the number of women in leadership? Yes – 50% female target across all pipeline roles
Targets to raise the number of BAME individuals in leadership? Yes
Listed in the Bloomberg Diversity & Inclusion Index? No