Information Security Executive responsible for managing cybersecurity activities at a bank. The role protects systems, data, and networks while ensuring compliance with best practices and regulations.
Responsibilities
Monitor security events, anomalies, and alerts across the organization, reporting findings to relevant teams.
Act as the primary point of contact and participate in information security incidents and breaches, coordinating responses following established incident management protocols.
Support regulatory and stakeholder incident and breach notifications, including material incident assessments.
Assist in identifying, assessing, and mitigating security vulnerabilities, threats, and weaknesses.
Maintain security records, dashboards, and reports to provide insight into the organization’s security posture.
Implement, manage, and monitor technical and procedural security controls to protect the bank’s data, systems, and networks.
Assist in conducting vulnerability assessments, penetration testing, and risk evaluations.
Provide security inputs, engage in technical reviews and remediation actions in new products, change initiatives, and technology projects, including cloud and third-party solutions.
Support compliance with relevant regulations, standards and frameworks (e.g., ISO27001, PCI-DSS, NIST, SWIFT CSP, FCA/PRA expectations).
Stay informed on emerging security threats, breaches, and industry best practices, providing recommendations for remediation and enhancements.
Ensure proper controls are in place to maintain the confidentiality, integrity, and availability of information.
Assist in risk assessments to identify, evaluate, and prioritize controls to mitigate information security risks. Support the documentation and tracking of technical risk treatment plans and remediation actions.
Propose and document technical and procedural controls to secure internal, external, and public network information flows.
Support both internal and external audits, providing detailed security input for regulatory, scheme, and payment system reviews.
Evaluate the adequacy and effectiveness of security policies, processes, and controls, advising on risk mitigation measures.
Provide expert guidance on compliance with information security regulations, including event resolution and breach notifications.
Liaise with internal teams, peers, and third parties to ensure security measures are aligned and effective.
Contribute to internal committees on information security risks and emerging issues.
Requirements
Academic qualification or equivalent certifications in information or cyber security.
Strong analytical skills and understanding of cybersecurity methodologies.
Practical experience with security operations, monitoring, and incident management.
Understanding and knowledge of threat intelligence and related activities.
Understanding and knowledge of security technologies such as Firewalls, SIEM, IAM, DLP, PAM, AV/AM, etc. is essential.
Knowledge of ISO27001 or relevant security frameworks is desirable.
Knowledge of AWS cloud security and cloud-native security practices is desirable.
Knowledge of technical risk assessments and vulnerability management.
Understanding of regulatory requirements is desirable.
Excellent communication skills with the ability to collaborate across technical and non-technical teams.
Ability to respond confidently and effectively to security incidents.
Benefits
Competitive salary (depending on skills, knowledge and experience)
25 days annual leave entitlement plus 8 bank holidays
Performance-based bonus aligned to individual and organisational objectives
Pension scheme with employer contribution
Private medical insurance to support your health and wellbeing
Hybrid working flexibility, supporting a balance between office collaboration and remote work
Supportive and collaborative working environment within a growing financial services organisation
Opportunities for professional development and career progression in information security and cyber resilience
Security Governance, Risk and Compliance specialist at Tecsys managing risk frameworks and vendor relations. Develops security strategies and collaborates across teams to improve security maturity.
Business Security Solutions Consultant at PwC, teaching students about cybersecurity and technology risks. Participate in projects and practical challenges with industry professionals.
IT security advisor helping protect IT infrastructure and data at Desjardins. Analyzing vulnerabilities and implementing security solutions for major IT security events.
Senior Technical Training Consultant at Saviynt developing technical training for SAP GRC solutions. Responsible for creating training content and delivering courses to partners and customers worldwide.
Senior Technical Product Manager overseeing execution in Axiomatics' authorization platform. Leading initiatives, collaborating cross-functionally, and communicating with stakeholders and customers to validate requirements.
Senior Security Officer responsible for safety and security duties at SPHP campuses. Involves threat assessments, responses, and coordination with law enforcement.
Senior Principal Security Engineer designing technical security solutions for Providence. Supporting the Enterprise Information Security strategies with a focus on logical and physical protection of technical resources.
Cybersecurity Intern gaining exposure to security analyst and engineering roles at Sally Beauty. Assisting with real-time security alerts and completing a final project presentation to senior leadership.