Aldermore Bank
,
Manchester, Greater Manchester
Information Security Controls Oversight and Assurance Lead
Overview
Job Description
Heard of us? We're an award-winning bank; backing people to fulfil life's hopes and dreams. Now is your chance... The Information Security team is a key part of the CISO function at Aldermore that helps the business deliver a safe and secure service to its customers. With a focus on the Aldermore customer journey, we drive our colleagues, managers and leaders to cultivate a working environment that encourages fast pace delivery and success. Those who join the Information Security team will be fully immersed in our business, having a pivotal role in influencing and understanding how our short, medium and long term aspirations can be realised in a secure and compliant way. With decades of collective experience available across the CISO team, we actively support and develop our people to help them fulfil their hopes and dreams, whilst continuing to meet the needs and expectations of our dynamic and exciting business. We are a high performing, but friendly and fun team that has worked hard to establish a reputation as trusted advisors to the business, providing the right balance of knowledge and challenge to support managers and leaders to make the right decisions, often at difficult times. The role of Information Security Controls Oversight and Assurance Lead is really important to us. You will be responsible for ensuring security controls are operating effectively and providing assurance over the management of security risks. Based in our dynamic Manchester office, you will sit amongst a team of 6 and report to the Security Governance, Risk and Compliance Manager. What would your day look like? * You will responsible for defining and implementing a controls testing and assurance regime to ensure that policies are being adhered to, risks are appropriately managed and any gaps are fully understood. * Working with the business in order that they understand what is required to demonstrate compliance to policy and for the management of Information Security risks that are relevant to their operations. * Highlighting exceptions to policies through testing, working with the business to agree remediation plans or risk acceptances. * Management and oversight of the production of quality management information related to control performance and policy adherence. What do we expect of you? * Prior experience of conducting audit and assurance activities, including testing the design and operational effectiveness of controls. * Extensive experience working with risk management frameworks with a strong grasp of risk, controls and assurance. * In depth knowledge of information security good practice frameworks (e.g. ISO27001, NIST). * Experience working in an Information Security role. * Inquisitive mind-set to be able to delve into the controls and remediate any concerns. What can you expect of ...