Information Security, Assistant Manager

The Assistant Manager Information Security will play a critical role in safeguarding the bank's information assets, infrastructure, and customer data against evolving cyber threats. This role is responsible for driving and managing information security operations, ensuring continuous monitoring, identification, and timely remediation of security vulnerabilities to uphold a resilient security posture, and provide management with up-to-date reports on the bank's security posture.

The role will proactively support the bank's compliance with UK regulatory requirements, industry standards, and best practices, while contributing to the development and enhancement of security frameworks, policies, and controls. Using strong analytical skills, deep knowledge of cyber security methodologies, and understanding of security infrastructure, including AWS cloud environments, the role will ensure the bank maintains cyber resilience, protects against financial and reputational risks, and fosters a culture of sound security across the organization.

Responsibilities

• Strategic Responsibilities

• Provide proactive security oversight and assurance for new initiatives and ongoing projects, ensuring that information security and regulatory requirements are embedded from design through implementation.
• Collaborate with senior stakeholders, regulators, and external partners to align on security standards, communicate risks, and deliver solutions that balance business objectives with compliance obligations.
• Actively participate in governance forums and internal committees, presenting emerging risks, security trends, and strategic recommendations to strengthen resilience and maintain the bank's security posture.
• Advise on regulatory compliance requirements, data protection obligations, and breach notification processes, ensuring the bank meets FCA, PRA, PSR, and other applicable regulatory expectations.

• Lead and conduct comprehensive information security risk assessments to identify, evaluate, and prioritize threats, ensuring effective controls are implemented and maintained.
• Establish, document, and enforce security controls that safeguard information flows across internal systems, third parties, and public networks.
• Develop, maintain, and execute incident response and crisis management procedures, ensuring swift and effective mitigation of security events while minimizing business disruption.
• Monitor security operations to identify anomalies, investigate incidents, and coordinate timely remediation with internal teams and external providers.
• Keep up-to-date with evolving threat intelligence, security breaches, and industry developments, recommending proactive remediation measures and best practices to protect the bank's systems and data.

• Partner with auditors, regulators, and payment schemes by preparing evidence, delivering subject matter expertise, and supporting internal and external audits, certifications, and reviews.
• Evaluate and enhance the effectiveness of the bank's information security policies, procedures, and controls, driving continuous improvement and compliance with internal standards and regulatory frameworks.
• Support management reporting by providing timely, accurate, and risk-focused updates on security posture, incidents, and compliance activities.

• Be the primary point of contact for all information security alerts and breaches within the Bank and coordinate responses via incident management protocols.
• Daily administrative tasks, reporting, and communication with the relevant departments in the organization.
• Maintain security records and documents of controls, security dashboards and reports.
• Assist in conducting reviews and assessments to identify and report potential vulnerabilities, weaknesses and threats.
• Implement, manage and monitor security controls to protect the bank's data, systems and network.
• Ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls.

Conduct Rules

• CONDUCT RULE 1: You must act with integrity.
• CONDUCT RULE 2: You must act with due skill, care and diligence.
• CONDUCT RULE 3: You must be open and cooperative with the FCA, the PRA and other regulators.
• CONDUCT RULE 4: You must pay due regard to the interests of customers and treat them fairly.
• CONDUCT RULE 5: You must observe proper standards of market conduct.

Key Relationships

• Internal Relationships

• Information Technology
• Risk and Compliance
• Business departments
• Internal forums, groups and committees

• Suppliers and Vendors
• Regulators
• Authorities and focused groups

Confidential Information

The holder of this job must sign a Data Confidentiality agreement. He/she shall not disclose, allow access to, transmit or transfer confidential information to a third party without prior written consent. He/she may only disclose confidential information to employees on a "need to know" basis. Prior to disclosing, issue appropriate written instructions to such employees to satisfy obligations herein and to receive and use confidential information on a confidential basis on the same conditions as contained in the agreement.

Working Conditions

This is an office-based role, hours are 37.5 hours per week Monday to Friday with an unpaid 60-minute break each day. The standard working pattern is 9.00am to 5.30pm.

Mental Demands & Job Complexity

The job holder is required to plan and organise related activities, reports and ad hoc requests, so as to accomplish the assigned task in a timely efficient manner. Planning and prioritising are the key factors in this role.

Requirements

• Education & Training

• Bachelors degree in Information / Cyber Security; equivalent professional experience may be considered.
• Relevant and specialized certifications in cybersecurity and information security. Technology-centric training and certification is an advantage.

• 3+ years of proven experience in information security management, covering risk management, incident response, threat intelligence, and cyber security solutions.
• Strong knowledge of security technologies and controls (e.g., firewalls/WAF, SIEM, anti-malware, mobile application security, IAM/PAM) with exposure to cloud security (AWS).
• Experience conducting vulnerability assessments, penetration testing, and security evaluations, with the ability to analyse events and deliver effective remediation.
• Solid understanding of the cyber threat landscape, incident/breach management, and industry frameworks such as ISO27001, NIST CSF, PCI-DSS and the likes.
• Excellent analytical, communication, and stakeholder engagement skills, with the ability to influence decision-making across technical and non-technical teams.
• Committed to continuous learning, keeping up-to-date with evolving threats, technologies, and regulatory requirements.

Benefits

• 25 days annual leave entitlement plus 8 bank holidays
• Pension scheme, 4% employer contribution
• Private Medical Insurance
• 60-40 Hybrid working after successful probation period
• Training and development
• Free gym access in the building