Cyber Assurance Analyst

Financial Conduct Authority
London
GBP 60,000 - 80,000
Job description

The Financial Conduct Authority is the conduct regulator for around 50,000 financial services firms and financial markets in the UK and the prudential supervisor for 48,000 firms.

Salary: National ranging from £55,200 to £65,000 and London from £60,000 to £75,000 per annum.

Are you interested in joining a team that will help shape and deliver the future of Cyber Security at the FCA?

The team/department

Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. 'Cyber security' means the protection of the FCA's data and systems from malicious activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions. C&IR is now part of a newly formed Directorate led by our CISO, Director of Cyber & Operational Resilience Division.

The role is based in the Operational Assurance team, which is responsible for the FCA's and PSR's cyber assurance activities and works to determine that the correct cyber governance and control measures are in place.

The team conducts thorough reviews and testing to confirm the appropriate application (whether through technology, process, or behaviour) of the policies and the secure operation of the FCA/PSR’s systems and the information and data thereon.

What you will be doing (the role)

We are seeking a highly skilled Cyber Assurance Analyst to join our team and contribute to the ongoing efforts in assessing and improving the cyber security posture of the FCA.

The ideal candidate will possess a strong understanding of cyber assurance practices, emerging threats, and risk management practices.

They will perform comprehensive security assessments, provide insightful recommendations, and offer guidance to the FCA to enhance their cyber resilience.

  1. Conduct cyber security assessments and evaluate the effectiveness of the FCA's defence strategies, incident response plans and control measures.
  2. Review existing cyber security policies, procedures, and frameworks to ensure compliance with applicable regulations, best practices, and industry standards.
  3. Scope and manage pentest engagements, identifying vulnerabilities, threats and risk exposures that may pose a threat to the FCA's data security and operational stability.
  4. Collaborate with internal audit, risk, policy and governance, and compliance teams to establish effective guidelines, compliance and good practices that enhance the cyber security posture.
  5. Develop and maintain cyber assurance metrics, tracking progress and improvements in the FCA's cyber resilience over time.
  6. Enhance the Cyber Assurance Framework by documenting key assurance processes, the compliance regime and assessment methodologies for FCA security controls.
  7. Engage with stakeholders at all levels and translate security vulnerabilities into layman's terms for more senior stakeholders.

What you will get from the role

Working for the FCA allows you to specialise in the unique cyber security challenges faced by the financial services industry.

Through your role as a cyber assurance professional, you will develop a comprehensive understanding of cybersecurity principles and practices that can be applied across various environments covering emerging security technologies.

Working for the FCA can provide networking opportunities with professionals across the financial services sector as well as world-leading cyber security vendors. You will have the chance to collaborate with industry leaders, attend conferences, and participate in working groups and forums, which can contribute to your professional growth and expand your network.

Career progression is paramount to the success of the FCA, as there will be potential opportunities to progress to more senior roles as you develop.

Overall, a cyber assurance role at the FCA offers a unique blend of industry-specific expertise, regulatory knowledge, and professional growth opportunities that can significantly enhance your cyber security career.

Our competitive flexible benefits scheme gives you the opportunity to create a personalised benefits package, tailored to suit your lifestyle. You can use this allowance to purchase additional benefits such as dental cover or the cycle-to-work scheme, or you have the option to top up your base salary by taking it as cash.

Core benefits that you will receive as standard are:

  1. 25 days holiday per year plus bank holidays.
  2. Private healthcare with Bupa.
  3. A non-contributory pension of at least 8% of basic salary each month (there are several contribution levels that increase depending on your age, up to 12% a month once you reach age 35).
  4. Life assurance of eight times your basic salary.
  5. Income protection.

We support hybrid working which means you will be able to work from home up to 60% of the time over a month with the remainder of your time in one of our three office locations.

The skills and experience you will have

Minimum:

  1. Proven experience working in vulnerability management and post-incident reviews, and the ability to support security projects and BAU initiatives.
  2. Proven experience of providing input from a subject-matter expert (SME) perspective when validating security controls in alignment with policies and standards.
  3. Proven experience of carrying out audits, managing pentest engagements, documenting findings, and providing sound recommendations to management. You will also lead on pentest vendor procurement exercises to ensure we are using best-of-breed suppliers and taking full advantage of innovative ways of testing.
  4. Role-specific know-how, transferrable skills, elements of core skills and behaviours that are essential to the role.
  5. Good understanding of cyber security frameworks and regulations (e.g. NIST Cybersecurity Framework, ISO 27001, PCI DSS, CIS, GDPR).
  6. Proficient in performing cyber security risk assessments, vulnerability assessments, scoping and managing end-to-end pen test engagements with key stakeholders, and post-incident analysis, with the ability to understand penetration testing reports.
  7. Strong analytical skills with the ability to identify vulnerabilities, analyse threats, and propose appropriate mitigation strategies.
  8. Excellent written and verbal communication skills with the ability to prepare concise Cyber reports, deliver effective presentations and produce well-structured security procedures and standards.
  9. Strong interpersonal skills to collaborate with internal and external stakeholders and build effective working relationships.
  10. Understanding of cloud platforms such as Azure, AWS and Salesforce etc.
  11. Understanding and use of security tooling such as Qualys and Nessus (vulnerability management tooling); Risk Recon, Bitsight and Toro (third-party risk management tools); security reporting and dashboarding tools; and open-source vulnerability tools. Familiarity with Jira and ServiceNow or similar.
  12. Professional certifications such as CompTIA Security+, CISA, SSCP, ECSA, CRISC or similar.

About the FCA

The FCA regulates the conduct of 50,000 firms in the UK to ensure our financial markets are honest, fair, and competitive. We do this to make sure markets work well for individuals, businesses, and the economy.

The FCA's Values & Diversity

Our ambition is to cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation, and delivers better regulation.

The FCA is committed to achieving greater diversity across all levels of the organisation. Given this, we particularly welcome applications from women, disabled and minority ethnic candidates for our senior associate role.

We welcome applications from candidates who are looking for flexible arrangements. Many of our staff work flexibly including working part-time, staggered hours, and job shares. We can’t promise to give you exactly what you want but we won’t judge you for asking.

Multi-location

As part of the FCA’s ongoing commitment to develop our national presence, most of our vacancies are now open to working in our Edinburgh, Leeds, or London offices. This means that as part of the application process you will be able to select your preference of which office location you would like to work from.

Useful information

Applications for this role close at 23:39 on 21st October 2024.

This role is graded as Senior Associate - Regulatory.

If you are interested in learning more about the role please contact:

What to expect from our interview process

The assessment process consists of an initial screening call with one of our Recruitment Partners or Hiring Managers. If successful, you will be invited to attend a competency-based interview.

Security Clearance/Vetting

The successful candidate will hold or will be required to obtain Security Clearance (SC) level vetting.

Please note that all applications must be submitted through our online portal, applications sent via email will not be accepted.
