Contract type: Permanent
Hours: Full-time, 35 hours
Location: Head Office, Nottingham (Hybrid working, minimum 2 days per week)
Application process: Please apply via the application button which will direct you to our careers site. If you require any adjustments to assist you in applying, please contact [email protected]
We are looking for a proactive Information Security Risk Analyst to join our dynamic Information Security Team. In this role, you will play a crucial part in strengthening our governance, risk, and compliance initiatives related to information security. Your efforts will help ensure our organisation meets regulatory standards, effectively manages security risks, and maintains a robust security posture to safeguard our customers and sensitive data. We welcome candidates from all backgrounds to apply and contribute to our diverse and inclusive team.
Here’s a taste of what you will be doing as a Risk Analyst at Nottingham Building Society:
- Framework Development: Develop and maintain the organisation’s information security governance, risk, and compliance framework.
- Risk Assessments: Conduct risk assessments to identify vulnerabilities, focusing on protecting customer data and financial systems.
- Regulatory Compliance: Ensure compliance with regulations and standards like GDPR, ISO 27001, CQuest, SOC 2, and FCA and PRA guidelines.
- Effectiveness Monitoring: Monitor and assess the effectiveness of security controls, policies, and procedures.
- Audit Support: Support audits by preparing documentation and facilitating review processes.
- Vendor Risk Assessments: Perform vendor risk assessments to evaluate third-party security risks.
- Department Collaboration: Collaborate with various departments to implement security policies across all business units and technologies.
- Incident Management: Manage and track security incidents and breaches, ensuring appropriate mitigation and response strategies.
About you:
- Information Security Frameworks: Familiarity with frameworks such as NIST, ISO 27001, SOC 2, and GDPR.
- Financial Sector Requirements: Knowledge of specific information security needs for financial institutions and building societies.
- Security Controls and Risk Management: Strong understanding of security controls, risk management practices, and compliance requirements in the financial sector.
- GRC Software Experience: Experience with platforms like Archer, ServiceNow, LogicGate, and OneTrust is a plus.
- Analytical Skills: Excellent ability to assess security risks and suggest actionable remediation plans.
- Communication Skills: Strong written and verbal communication skills to convey complex security and compliance issues to both technical and non-technical stakeholders.
- Professional Background: Experience in information security, GRC, or related fields, ideally within a financial services environment.
Reward & Benefits:
- A fair and competitive salary evaluated against market data, annual discretionary bonus scheme, Medicash healthcare scheme, 29 days annual leave plus bank holidays and enhanced family leave.
- Commitment and dedication to your ongoing personal and professional development. We help you to own and grow your potential so you can be at your best in your current role and to support your future career aspirations.
- For all full-time roles we work a 35-hour working week to promote a work/life balance; we want you to be at your best inside and outside of work.
- A friendly and inclusive culture where teams genuinely strive to do the right thing by their colleagues and our customers.
- A strong sustainability agenda – we’re continually finding new ways to be kinder to the environment by reducing our carbon footprint.
- We’re passionate about giving back to the communities in which we serve as well as supporting local charities as part of the Samuel Fox Foundation. One of the many ways you can get involved is to use the 2 days per year paid leave to volunteer for causes or charities that are important to you.
- Your health and wellbeing is our priority; we encourage this through a suite of support resources, including a team of trained mental health first aiders.
Embracing Diversity Together:
We proudly embrace and celebrate diversity as a fundamental cornerstone of our values. We believe that a diverse and inclusive workplace is not just essential for our success but is also a reflection of the vibrant communities we serve. Our commitment to diversity extends beyond our internal culture to the way we approach advertising and engage with our customers.
Our commitment means actively working to eliminate barriers and biases that may hinder equal opportunities within our organisation. We strive to ensure that all individuals, regardless of background, have an equal chance to thrive and advance in their careers.
We acknowledge that diversity is not just a goal to be achieved but a continuous journey toward creating an environment that embraces differences and promotes equal opportunities for all. We are committed to fostering an inclusive culture that encourages collaboration, creativity, and a sense of belonging for every member of our community.