Lead Information and Cyber Security Specialist - DLP in London

At Metro Bank, we believe the best banking experience starts with people who genuinely care. We are building trust through authentic connections. Here, our people come first; our colleagues are part of a team that values individuality, collaboration, and long‐standing relationships. We are also all about balance so most of our jobs offer the opportunity for hybrid working built around your role and home life, wherever possible.

Key Responsibilities:

• Develop and maintain a comprehensive DLP strategy aligned with business objectives and regulatory requirements.
• Define policies and standards for data protection and handling across the enterprise.
• Establish governance for monitoring and reporting on DLP effectiveness.
• Implement and manage DLP tools and technologies (e.g., Microsoft Purview, Symantec, Forcepoint).
• Configure and optimise DLP policies for endpoints, email, cloud, and network channels.
• Monitor alerts, investigate incidents and coordinate remediation actions.
• Identify and mitigate risks related to data leakage and insider threats.
• Ensure compliance with GDPR, ISO 27001, PCI DSS and other relevant frameworks.
• Maintain audit readiness and provide evidence for internal and external reviews.
• Collaborate with IT, Security and Business teams to embed DLP controls into processes.
• Provide training and awareness to reduce human‐related data loss risks.
• Stay updated on emerging threats, technologies and best practices in data protection.
• Introduce automation and analytics to enhance DLP efficiency and incident response.

What you will need:

• A minimum of 10 years of experience in information security or data protection.
• Capability for managing DLP programs and technologies (e.g. network, endpoint, email, cloud etc).
• Hands‐on experience with DLP tools and integration with SIEM/SOC workflows.
• Excellent analytical, problem‐solving and communication skills.
• Ability to lead investigations and coordinate cross‐functional teams.
• Building and maintaining DLP policies and use cases driven by risk assessments.
• Designing and testing DLP incident response playbooks for both malicious and accidental events.
• Defining relevant metrics and reporting for governance meetings.
• Strong understanding of data protection principles (e.g. UK GDPR), encryption and regulatory compliance (e.g. FCA/PRA rules).
• Knowledge of Office 365 / Purview and Varonis preferred, but not essential.
• Experience of undertaking risk assessments, threat modelling and data flow mappings.
• Experience of utilising DLP controls to manage.

Understand the risks associated with your job and what that means for you, Metro Bank and all our stakeholders.

Our promise to you:

• We will make sure that you are well‐rewarded by providing you with a competitive salary, discretionary annual bonus, and a wide range of benefits, including generous holiday allowance, attractive pension scheme, healthcare, life assurance, and a number of colleague discounts!
• We will give you the training to ensure you succeed in your role and plenty of internal opportunities to progress your career (around 40% of our recruitment comes from internal promotions).

Important Footnote:

Diverse teams really are the best teams. We know that candidates (especially women, research tells us) may be put off applying for a job unless they can tick every box. We also know that 'normal' office hours aren’t always doable, and while we can’t accommodate every flexible working request we are happy to be asked. So if you are excited about working with us and think you can do much of what we are looking for but aren’t sure if you are 100% there yet... why not give it a whirl? Please note that sometimes we may close a job earlier for applications if we are inundated with amazing candidates... Good luck!