Sr Network Security Engineer designing security architectures and leading security initiatives for RBC. Collaborating across teams to deliver multi - layered security solutions and mentoring team members in engineering best practices.
About the role
- Lead Information Security initiatives at Starling, the UK's leading digital bank. Manage policy frameworks, team performance, and ensure compliance with security standards.
Responsibilities
- Manage and maintain the Information Security Policy Framework across Starling Group that addresses the needs of the Group, its customers, employees and other stakeholders in line with relevant legislation and industry standards.
- Establish and maintain standards for control implementation procedures.
- Liaise with external bodies and organisations to keep abreast of emerging trends, technologies and legislation that have an impact on Information Security.
- Support security controls assessment, and accreditation, e.g. ISO/IEC 27001.
- Manage the input to the Information Security Risk Register and ensure coherence with the Bank’s Risk Management framework.
- Act as point of contact for the second, third line of defense and other stakeholders (e.g. Legal, Regulatory Affairs) and coordinate audit and request response.
- Manage the creation of Board, committees and regulatory engagement meeting material and communication.
- Establish a framework and manage the Information Security reporting capability incl. regular revision of Key Risk and Performance Indicators.
- Support the CISO in the yearly Information Security strategy review and roadmap definition.
- Manage the Information Security related budget.
Requirements
- be a Self Starter with the ability to lead, inspire and drive change through an organisation.
- have the ability to be pragmatic while balancing the needs of the Bank against security.
- have an ability to think and plan strategically and systematically while recognizing the need to deliver to the business requirements.
- have previous experience working in a complex IT organisation encompassing service delivery, application development and IT infrastructure.
- an understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001, NIST, Cyber Essentials and COBIT.
- an understanding of legislation and regulations that impact information Security. E.g. Data Protection Act and GDPR, DORA, Freedom of Information Act, PCI DSS.
- Have previous experience in leading, developing and motivating a team.
- An understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats.
- An understanding of Cloud and AI related Security threats and countermeasures.
- A good knowledge of security technologies and wider business solutions including Identity and access management, security monitoring, and data security technologies.
- A good understanding of financial services and awareness of broader requirements.
- Share knowledge and provide guidance on internal bank first line related processes.
- Take responsibility and do the right thing for customers, colleagues and partners.
- It would be great if you have one or more of the following qualifications, but it’s not essential; Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor.
Benefits
- 33 days holiday (including public holidays, which you can take when it works best for you)
- An extra day’s holiday for your birthday
- Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
- 16 hours paid volunteering time a year
- Salary sacrifice, company enhanced pension scheme
- Life insurance at 4x your salary & group income protection
- Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
- Generous family-friendly policies
- Incentives refer a friend scheme
- Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
- Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Senior Threat Modeller enhancing cybersecurity threat modeling for RBC. Collaborating with diverse teams to improve and implement secure by design principles across the enterprise.
Senior Security Engineer supporting security engineering and SIEM administration at Ardent. Focused on improving threat detection and response within vSOC environments in Washington, D.C.
SY
Mainframe Support Engineer ensuring stability and performance of enterprise mainframe systems. Troubleshooting complex issues and collaborating with development, operations, and security teams for optimal system management.
IAM / IGA Security Engineer designing and implementing identity governance solutions. Collaborating with Security, IT, HR, and business stakeholders to ensure secure access governance.
Senior Consultant helping the Ministry of Defence with large - scale ICT projects and innovations in technology and security. Lead developments in networks and applications in cooperation with Defence Architects.
Software Security Engineer at Spectro Cloud focusing on securing Kubernetes - based platforms for AI infrastructure. Responsible for implementing security controls and managing incident responses across the platform.
Technical Operator handling ticket resolution and IT troubleshooting in a structured team environment for Managed Security Services. Interfacing with varied technical tools to support international clients.
Support Health, Safety, and Security processes at East West Rail. Coordinate training, manage budgets, and ensure compliance with regulatory standards.
AI Security Engineer focusing on adversarial machine learning and enterprise security architecture. Leading red team engagements and translating technical risk into governance frameworks.