At a Glance
- Tasks: Lead the design and management of a comprehensive cyber threat framework.
- Company: Metro Bank, where people come first and collaboration thrives.
- Benefits: Competitive salary, annual bonus, generous holidays, and healthcare benefits.
- Other info: Diverse teams are valued; internal promotions are common for career growth.
- Why this job: Make a real impact in cybersecurity while enjoying hybrid working options.
- Qualifications: 8+ years in cybersecurity with strong analytical and stakeholder management skills.
The predicted salary is between 70000 - 90000 £ per year.
At Metro Bank, we believe the best banking experience starts with people who genuinely care. We’re not just delivering banking services - we’re building trust through authentic connections. Here, our people come first; our colleagues are part of a team that values individuality, collaboration, and long-standing relationships. We are also all about balance so most of our jobs offer the opportunity for hybrid working built around your role and home life, wherever possible.
What you will do:
- Design, develop, and maintain a comprehensive internal and external threat framework covering cyber, physical, supplier, and emerging threats.
- Manage a repeatable methodology for identifying, assessing, prioritising, and tracking threats across the organisation.
- Integrate intelligence from internal telemetry, SOC outputs, CTI, red/purple teaming, suppliers, and industry sources into the threat framework.
- Ensure the framework aligns with relevant standards (e.g., MITRE ATT&CK ATLAS, NIST 800-53/800-30, ISO 27005).
- Drive continuous improvement by refining threat models based on real incidents, trend analysis, and threat landscape shifts.
- Design and define and implement governance processes for vulnerability management across all hardware, software, cloud, and operational technology assets.
- Analyze scan results, prioritise vulnerabilities based on threat context and business impact, and track remediation progress.
- Design and develop clear accountability models (RACI) across Security, IT Operations, Engineering, and Product teams.
- Own and lead governance forums to monitor vulnerability status, risk posture, and remediation performance.
- Maintain a scalable, intelligence led triage process to assess new vulnerabilities (CVEs, zero days, vendor advisories, threat intel alerts).
- Introduce prioritisation logic based on factors such as: exploitability, asset criticality, exposure (internal vs external), compensating controls and business impact.
- Lead identification and assessment of risks associated with frontier AI technologies (e.g. large language models, autonomous agents, multimodal systems), ensuring emerging threat scenarios such as prompt injection, model exploitation, data leakage, and AI‑enabled cyber attacks are proactively understood and documented.
What you will need:
- A minimum of 8 years of experience in cybersecurity, threat analysis, or intelligence operations.
- Strong understanding of regulatory compliance (e.g. FCA/PRA rules).
- Strong understanding of threat actor behaviours, MITRE ATT&CK & D3FEND frameworks, and threat intelligence platforms.
- Knowledge of Windows, Linux, Active Directory, and cloud environments (Azure, AWS).
- Strong knowledge of vulnerability scanning tools, threat analysis methodologies, and remediation processes.
- Knowledge of AI‑specific attack vectors and experience with secure AI lifecycle practices.
- Recognised industry qualification e.g. CISSP, CISMP, CCSP, CISM.
- Experience with OSINT tools, and reporting for both technical and executive audiences is highly desirable.
- Excellent analytical and problem‑solving skills.
- Strong stakeholder management skills and the ability to work within cross‑functional teams and influence remediation priorities.
- Proven experience in proactive threat hunting within SIEM platforms and enterprise environments, leveraging advanced analytics and detection methodologies to identify and mitigate potential security threats before they escalate.
Our promise to you…
We will make sure that you are well‑rewarded by providing you with a competitive salary, discretionary annual bonus, and a wide range of benefits, including generous holiday allowance, attractive pension scheme, healthcare, life assurance, and a number of colleague discounts! We will give you the training to ensure you succeed in your role and plenty of internal opportunities to progress your career (around 40% of our recruitment comes from internal promotions!). Diverse teams really are the best teams. We know that candidates (especially women, research tells us) may be put off applying for a job unless they can tick every box. We also know that ‘normal’ office hours aren’t always doable, and while we can’t accommodate every flexible working request we are happy to be asked. So if you are excited about working with us and think you can do much of what we are looking for but aren’t sure if you are 100% there yet… why not give it a whirl? Good luck!
Senior Cyber Threat & Vulnerability Governance Manager employer: 慨正橡扯
At Metro Bank, we prioritise our people and foster a culture of collaboration and individuality, making it an exceptional place to work. With a strong commitment to employee growth, we offer extensive training and internal promotion opportunities, alongside a competitive salary and comprehensive benefits package. Our flexible working arrangements and focus on work-life balance ensure that you can thrive both personally and professionally in a supportive environment.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Cyber Threat & Vulnerability Governance Manager
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including 慨正橡扯, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through 慨正橡扯
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at 慨正橡扯. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Senior Cyber Threat & Vulnerability Governance Manager
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at 慨正橡扯 insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to 慨正橡扯 that you’re committed to staying ahead in the game.
How to prepare for a job interview at 慨正橡扯
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at 慨正橡扯 to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at 慨正橡扯.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.
