Information Security Analyst

Application Deadline:Monday 17th December 2024

Hybrid Working Pattern - 3 days in Office & 2 WFH

About us

Cynergy Bank is the UK’s human digital bank serving the needs of ‘scale up’ or medium sized and fast-growing SMEs; professionals; high net worth and mass affluent individuals, in essence those market segments that still value human service enabled by great technology.

We recognise that professional and personal lives often overlap and our mission is to help empower our customers to achieve their ambitions by serving all their interdependent banking needs. We provide a comprehensive range of digitally enabled products and services to meet the property finance, business and commercial banking, private banking and personal savings needs of our customers.

Our human and digital model transforms banking for customers who still value a face-to-face relationship that is enabled by the latest digital technology.

We partner with firms such as Google Cloud, Cigniti and Slalom as we continue to innovate in the human digital space.

Cynergy Bank plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Eligible deposits with Cynergy Bank plc are protected by the UK Financial Services Compensation Scheme.

For more information on Cynergy Bank visit www.cynergybank.co.uk

Company Benefits

• Competitive Salary and Company Bonus
• Competitive holiday allowance plus bank holidays
• Option to purchase an additional 10 days holiday
• Pension contribution and Life Assurance
• Income Protection Scheme and Season Ticket Loan
• Electric Car Scheme and Money Coach (After Probation)

The role

We are seeking an experienced, highly motivated and detail-oriented Information Security Analyst with a strong focus on compliance and risk management to join our security team. This role is critical in ensuring the bank’s information systems are secure, compliant with industry regulations, and aligned with risk management practices. Reporting directly to the Information Security Manager, you will collaborate with cross-functional teams to identify, assess, and mitigate security risks while ensuring adherence to regulatory requirements, industry standards / best practice and internal policies.

Responsibilities:

Compliance Management: Ensure the bank’s information security program complies with applicable industry regulations and standards (e.g., PCI-DSS, SOX, ISO 27001 etc.).

Risk Assessment & Mitigation: Conduct regular information security risk assessments and gap analyses to evaluate the bank’s security posture, prioritise risks, and recommend mitigation strategies.

Policy Development & Enforcement: Assist in the creation, revision, and enforcement of information security policies, standards, and procedures, ensuring they align with regulatory requirements and industry best practices.

Regulatory Reporting: Prepare regular reports to regulatory authorities and senior management on the bank’s security risks, compliance status, and action plans.

Internal Audits & Assessments: Work closely with internal audit teams to facilitate security audits, ensure the closure of any findings, and maintain readiness for external audits.

Vendor Risk Management: Evaluate the security controls of third-party vendors, perform due diligence, and monitor ongoing compliance with contractual security requirements.

Incident Response: Support the Information Security Manager and Incident Response Manager in managing the response to security incidents, ensuring proper documentation and timely resolution to mitigate risks and maintain regulatory compliance.

Security Awareness & Training: Assist in developing and delivering security awareness programs to ensure all employees understand their role in maintaining security and compliance.

Data Governance: Monitor the proper classification, handling, and protection of sensitive information, ensuring data privacy and security requirements are met.

Collaboration with Legal & Compliance Teams: Work with legal and compliance departments to interpret regulatory changes, implement new controls, and ensure adherence to emerging laws, such as data privacy regulations (e.g., GDPR).

Reporting to Information Security Manager: Provide regular updates and detailed reports to the Information Security Manager regarding risk assessments, compliance efforts, incidents, and overall security posture.

Essential Knowledge & Experience

• 3+ years of proven experience in information security, with a focus on compliance and risk management, preferably within the banking or financial services industry.
• In-depth knowledge of information security principles, practices, and technologies.
• Strong understanding of relevant regulations and compliance standards including banking regulations (e.g., SOC, GDPR, Data Protection Act 2018, ISO 27001, PCI-DSS).
• Knowledge of risk assessment methodologies and security frameworks like NIST, ISO 31000, and COBIT.
• Understanding of vendor risk management and third-party security assessments.

Desirable knowledge & Experience:

• Bachelor’s degree in information security, Cybersecurity, Risk Management or a related field.
• Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ISO27001 Lead Auditor or equivalent.

Behavioural Attributes:

• Strong analytical and problem-solving skills, with the ability to communicate complex security and compliance issues clearly to non-technical stakeholders.
• Ability to manage multiple tasks in a regulated environment, ensuring strict adherence to deadlines.
• High attention to detail and a proactive approach to identifying risks and ensuring compliance.
• Ability to work well under pressure and handle critical situations calmly.