Business Information Security Officer (BISO) - Engine by Starling

Full-Time 70000 - 90000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead and enhance our Information Security practices while managing a dynamic team.
  • Company: Join Engine by Starling, a pioneering digital bank transforming financial services.
  • Benefits: Enjoy 33 days holiday, private medical insurance, and flexible working options.
  • Other info: Embrace a diverse and inclusive culture with excellent career growth opportunities.
  • Why this job: Shape the future of banking security and make a real impact in a fast-growing company.
  • Qualifications: Experience in information security and strong leadership skills are essential.

The predicted salary is between 70000 - 90000 £ per year.

Engine by Starling was born out of Starling: the UK's first and leading digital bank. Today, Starling delivers intuitive, customer‑centric tools to help over 4.6 million people and small businesses to be 'good with money'. We believe that great technology has the ability to empower customers to save, spend and manage their money in a new and transformative way. Engine is on a mission to promote this philosophy around the world. Engine is a cloud‑native, bank‑built SaaS platform. We provide a comprehensive and cloud‑native solution to power banks around the world, who share our ambition of building businesses designed to evolve, innovate, and meet growing customer demands.

The SaaS technology platform is now available to banks, building societies and credit unions around the world, enabling them to benefit from the modern digital features and efficient back‑office processes that have helped Starling to achieve its success. At Engine, we follow five guiding principles: listen, keep it simple, do the right thing, own it, and aim for greatness. Having launched in 2022, we are a rapidly‑growing organisation who adopts the same agile mindset as our technology. As such, we embrace change, the reimagination of processes and have cultivated an environment where our colleagues – and partners – can design, build and collaborate openly, with a strong degree of ownership and empowerment to get things done.

Hybrid Working

Engine is headquartered in London, with offices in Manchester, Cardiff and Southampton in the UK and, internationally, in Dublin, Sydney, Dubai, Toronto and New York. We have a hybrid approach to working at Engine – our preference is that you’re located within a commutable distance of one of our UK offices to enable in‑person collaboration and interaction with your team.

About the Role

This role will shape our Security objectives, practices and associated policies and processes within Engine as well as lead the continuous improvement of our Information Security capabilities whilst managing a growing Information Security Team. The successful candidate will act as the liaison between Engine and Starling Bank’s Information Security teams whilst also ensuring that they are the point of contact for all Information security related questions raised by Engine clients and our auditors. We’re looking for a curious, versatile, adaptable and experienced information security or cyber specialist with executive presence and strong leadership skills who enjoys the challenge of a varied and collaborative role. You’ll enjoy problem solving, working with a wide variety of stakeholders, and enabling us to be creative in continuing to provide innovative products and services to support our clients, and stay at the forefront of all things Information Security.

What you’ll get to do:

  • Manage and maintain the Information Security Policy and Information Security Management System to ensure it meets the needs of Engine, its clients, employees and other stakeholders and compliance with the relevant industry standards, regulatory and certification requirements such as ISO 27001.
  • Oversee Engine’s Information Security governance documents (processes, standards and procedures) and optimise reporting of identified threats and vulnerabilities.
  • Oversee the process for obtaining and maintaining compliance certifications and accreditations including but not limited to ISO 27001, SOC 1, SOC 2 and PCI DSS/3DS through engagement with internal teams and our external auditors.
  • Maintain the Information Security Risk Register; identifying, assessing and mitigating information security risks (including security risks related to third‑parties and partners) and ensuring coherence with Engine’s Risk Management framework.
  • Act as a point of contact for all Information Security related client queries and issues; providing expert opinion and communication during initial client conversations, RFPs, RFIs, delivery and throughout the client lifecycle.
  • Act as an Information Security point of contact for Business Continuity Planning and Disaster Recovery; this includes responsibility for initiation and execution of cyber business impact analysis.
  • Advise the wider organisation on compliance and governance requirements.
  • Oversee Incident Response related to Information Security and ensure coherence and collaboration with the broader Technology response capability.
  • Liaise with external bodies and organisations to keep abreast of the threat landscape, emerging trends, technologies and legislation that have an impact on Information Security.
  • Assist as necessary to investigate security breaches and pursue associated disciplinary and legal matters.
  • Lead and manage a team of subject matter experts to ensure Information Security is managed effectively throughout the IT service delivery lifecycle, addressing client needs.
  • Promote security awareness by collaborating with the relevant teams to provide training and awareness to the wider Engine organisation.

Requirements

  • Deep understanding and knowledge of cyber security principles, security standards and regulatory compliance and its application in a wide variety of organisations with a strong risk culture.
  • Experience in a business facing security role, ideally in an Information Security Director, BISO, CISO or similar capacity.
  • Strong business acumen and commercial awareness with previous experience in a senior client‑facing role or similar.
  • Be a self-starter / self-motivated with the ability to lead, inspire and drive change through an organisation.
  • Have the ability to be pragmatic while balancing the needs of Engine against security.
  • Ability to work with a variety of stakeholders across all levels and can adapt communication style to different stakeholders.
  • Have an ability to think and plan strategically and systematically while recognising the need to deliver to the business requirements.
  • Have previous experience working in a complex IT organisation encompassing service delivery, application development and IT infrastructure.
  • An understanding of best practice within Information Security and risk management including standards such as ISO 27001, NIST, Cyber Essentials and COBIT.
  • An understanding of legislation and regulations that impact Information Security, e.g. Data Protection Act and GDPR, Freedom of Information Act, PCI DSS.
  • Have previous experience in leading, developing and motivating a team of subject matter experts.
  • An understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats.
  • A good practical knowledge of security technologies and wider business solutions including Identity and access management, SIEM, remote working and cloud technologies.
  • Experience of working in a banking or financial services environment would be beneficial.
  • ISC2 CISSP or ISACA CISM, ISACA CRISC, CISA or Open FAIR qualifications would be beneficial.

Interview process

Interviewing is a two-way process and we want you to have the time and opportunity to get to know us, as much as we are getting to know you! Our interviews are conversational and we want to get the best from you, so come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team:

  • Initial video interview with Engine’s deputy CTO (45 minutes)
  • A secondary, deeper interview, with Engine CTO and Starling Group CISO (75‑90 minutes)
  • Final interview with Engine’s CEO and Chief of Staff (45 minutes)

Benefits

  • 33 days holiday (including public holidays, which you can take when it works best for you).
  • An extra day’s holiday for your birthday.
  • Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off.
  • 16 hours paid volunteering time a year.
  • Salary sacrifice, company enhanced pension scheme.
  • Life insurance at 4x your salary & group income protection.
  • Private Medical Insurance with VitalityHealth including mental health support and cancer care.
  • Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton.
  • Generous family‑friendly policies.
  • Incentives refer a friend scheme.
  • Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks.
  • Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing.

You may be put off applying for a role because you don’t tick every box. Forget that! While we can’t accommodate every flexible working request, we’re always open to discussion. So, if you’re excited about working with us, but aren’t sure if you’re 100% there yet, get in touch anyway. We’re on a mission to radically reshape banking – and that starts with our brilliant team. Whatever came before, we’re proud of bringing together people of all backgrounds and experiences who love working together to solve problems. Starling is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace.

Business Information Security Officer (BISO) - Engine by Starling employer: Starling

Engine by Starling is an exceptional employer that champions a culture of innovation and collaboration, empowering employees to take ownership of their work while contributing to the transformative mission of reshaping banking. With a strong focus on employee well-being, we offer generous benefits including 33 days of holiday, private medical insurance, and a supportive environment for professional growth, all within a dynamic hybrid working model based in vibrant locations like London and Manchester. Join us to be part of a diverse team that values curiosity and creativity, where your contributions will directly impact our clients and the future of financial services.

Contact Detail:

Starling Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Business Information Security Officer (BISO) - Engine by Starling

✨Tip Number 1

Network like a pro! Reach out to people in the industry, attend events, and connect with potential colleagues on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

✨Tip Number 2

Prepare for those interviews! Research Engine by Starling, understand their values, and think about how your skills align with their mission. Be ready to discuss how you can contribute to their innovative approach to banking.

✨Tip Number 3

Show off your personality! During interviews, let your curiosity shine through. Ask questions that demonstrate your interest in the role and the company culture. Remember, it’s a two-way street!

✨Tip Number 4

Don’t hesitate to apply through our website! Even if you don’t tick every box, we value enthusiasm and potential. If you’re excited about joining us at Engine, go for it – we want to hear from you!

We think you need these skills to ace Business Information Security Officer (BISO) - Engine by Starling

Information Security Management
ISO 27001
Risk Management
Cyber Security Principles
Regulatory Compliance
Incident Response
Stakeholder Engagement
Team Leadership
Business Continuity Planning
Disaster Recovery
Communication Skills
Problem-Solving Skills
Security Technologies Knowledge
Client-Facing Experience
Adaptability

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter for the BISO role. Highlight your experience in information security and how it aligns with our mission at Engine by Starling. We want to see how you can contribute to our goals!

Showcase Your Leadership Skills: Since this role involves managing a team, don’t forget to mention your leadership experience. Share examples of how you've inspired and driven change in previous roles. We love seeing candidates who can lead with confidence!

Be Clear and Concise: When writing your application, keep it straightforward. Use clear language and avoid jargon where possible. We appreciate candidates who can communicate effectively, especially in a complex field like information security.

Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way to ensure it gets to the right people. Plus, you’ll find all the details about the role and our company culture there!

How to prepare for a job interview at Starling

✨Know Your Stuff

Make sure you have a solid understanding of information security principles and the specific regulations relevant to the role, like ISO 27001 and GDPR. Brush up on your knowledge of current threats and countermeasures, as well as the technologies involved in security management.

✨Show Your Leadership Skills

As a BISO, you'll need to demonstrate strong leadership abilities. Be prepared to discuss your experience in leading teams and driving change. Share examples of how you've inspired others and managed security initiatives effectively in previous roles.

✨Engage with Curiosity

Remember, interviews are a two-way street! Prepare thoughtful questions about Engine's security practices and culture. This shows your genuine interest in the company and helps you assess if it's the right fit for you.

✨Communicate Clearly

Tailor your communication style to suit different stakeholders. Practice explaining complex security concepts in simple terms, as you'll need to liaise with various teams and clients. Clear communication is key to building trust and ensuring everyone is on the same page.
