Senior Technical Specialist, Cyber Resilience Team

The Bank of England is the UK's central bank. Our mission is to deliver monetary and financial stability for the British people, and the Bank is a diverse organisation with more than 4,000 people committed to public service. Supervisory Risk Specialists (SRS) is a directorate within the Prudential Regulation Authority (PRA) that provides deep technical expertise and applies expert judgement across risk disciplines to support the PRA’s coordinated supervisory approach. The Sector Resilience Division (SRD) leads the PRA's work on the resilience of the financial sector to a range of non‑financial risks, including cyber. Its priorities include assessing systemic importance of firms, evaluating cyber resilience, developing supervisory and assurance tools, and strengthening the UK’s financial system resilience.

The role will play a key part in shaping the PRA’s cyber risk and resilience strategy within the context of Operational Resilience (OR). It includes ownership and evolution of the supervisory cyber approach, associated toolkits (CBEST, STAR‑FS, CQUEST), and the engagement required to deliver the PRA’s cyber agenda. The role is well suited for an individual with a strong cyber risk and security background, ideally with prior experience in a regulatory or supervisory environment and a good understanding of the PRA’s Operational Resilience framework.

• Taking a leading role in developing and advising on policy and supervisory recommendations aligned with Operational Resilience objectives.
• Leading the development of the PRA's supervisory cyber approach, including evaluation and assessment methodologies for cyber risk and resilience, working closely with Policy, Supervision and specialist teams.
• Leading the implementation, ongoing review and continuous improvement of the PRA's supervisory cyber toolkit, including CBEST, STAR‑FS and CQUEST.
• Defining and articulating what good cyber practices look like in the context of broader Operational Resilience expectations.
• Providing deep analytical and technical expertise, ensuring relevant industry standards and good practices are embedded in cyber resilience assessments.
• Leading meetings with regulated firms to assess cyber risk and resilience capabilities, providing effective challenge to firms' approaches and remediation plans.
• Developing and maintaining strong working relationships across the Bank and with external stakeholders, including the FCA, HMT, NCSC, CPNI and other domestic and international bodies.
• Drafting high‑quality papers and briefings, and contributing actively to horizon scanning and Risk Committee discussions.

• Significant experience leading independently regulatory cyber reviews, including threat‑led penetration‑testing assessments (CBEST, STAR‑FS) and other technical reviews across Cyber Resilience or related disciplines.
• Strong knowledge of the PRA’s approach to supervising cyber risk and resilience, including its application within the Operational Resilience framework.
• Strong understanding of the evolving cyber security regulatory landscape and the key Operational Resilience challenges facing UK financial sector firms and authorities.
• Ability to synthesise complex technical cyber and resilience information and translate it into clear, well‑reasoned conclusions and actionable recommendations for senior stakeholders.
• Strong understanding of recognised cyber resilience standards and frameworks (UK NCSC CAF, NIST, ISO/IEC 27001, ISO 22301) and cyber‑related regulatory and supervisory expectations (PRA Rulebook, DORA, NIS2 Directive, CPMI‑IOSCO).
• Relevant professional qualifications and certifications, such as CISA, CISM, CRISC, CISSP, CSX, or Lead Auditor certifications for ISO/IEC 27001 and ISO 22301.
• Demonstrated commitment to diversity and inclusion, fostering inclusive working practices and valuing diverse perspectives.
• Financial sector or regulatory experience, with a sound understanding of bank operations and risk and control environments.
• Experience in assessing and managing cyber and technology risk.

Salary of circa £108,800 – £122,000. Non‑contributory, career average pension giving a guaranteed retirement benefit of 1/80th of annual salary per year worked; option to increase to 1/65th or decrease to 1/105th through flexible benefits scheme. Discretionary performance award based on current award pool. 8% benefits allowance with option to take as salary or purchase flexible benefits. 26 days annual leave with option to buy up to 12 additional days through flexible benefits. Private medical insurance and income protection.

Employment in this role will be subject to the National Security Vetting clearance process (typically 6–12 weeks post‑offer) and passing additional Bank security checks. Further information will be provided to the successful applicant.

The Bank values diversity, equity and inclusion. We work hard to build an inclusive culture that supports people from all backgrounds and communities to be at their best at work. We welcome applications from individuals who work flexibly, including job shares and part‑time patterns.

This role closes on 24th June.