Atom is a digital bank, which brings with it a set of risks from a security perspective. This role will work within the Security Team to protect, detect, respond and recover for Atom's customers, brand, people and reputation. The role holder must be an advocate of best-in-class security practice with the ability to influence at all levels, provide practical advice and guidance and remain approachable to all of Atom's people.
The role holder will be accountable for ensuring that our security is in line with various security standards and applicable legal, regulatory and best practice frameworks, e.g. the NIST Framework, Data Protection Act 1998, FCA regulations, ISO 27001/2 compliance, PCI DSS and ITIL. The role requires a proven level of technical knowledge with a bias towards security risk management.
- Support the development of the Security Strategy for Atom.
- Support the development of the Security Framework for Atom
- Third party security assessments.
- Engage with and support all activities that Atom will undertake.
- Understanding of General Data Protection Regulation (GDPR)
- Scope, conduct and assess complex penetration testing; e.g. to CREST, CHECK or CBEST standards or handcrafting application exploits
- Looking at security threats and converting these to a material impact.
- Collaborate on appropriate training requirements.
- General audit and risk assessment support
- Manage and assess Security risk in accordance with ISO 27001/2 and industry best practice.
- Regular report generation and presentation.
- Acquire and maintain knowledge of relevant industry trends, and product offerings
- Be the key focal point for all security matters across the business
- Raise awareness of security within Atom through various communication exercises
- Ensure the Atom security policy is communicated to and followed by all staff, and assist management with investigation of breaches.
Key Performance Indicators:
- Partner due diligence assurance
- Security assessments to maintain alignment with industry benchmarks and compliance
- Pentest/Vulnerability management maintenance and improvement
- Design and deliver company-wide security awareness program
- Risk assessment and management
- Partner relationship management
- Strong third-party management skills.
- Extensive experience of security governance in a technology environment.
- Good project management and consulting skills
- Relevant industry qualification or experience, i.e. diploma/masters in information security, CCSA, SSCA, CISM, CISSP or equivalent.
- Experience of implementing and monitoring performance against the NIST and ISO 27001 standards and audit process.
- A good understanding of the PCI standard and audit process.
- Strong written and verbal communication skills with ability to adapt style to suit audience
- Excellent interpersonal skills with ability to build, develop and maintain relationships across all levels
- Strong attention to detail
- Excellent influencing skills
- Confident, assertive and pragmatic approach with ability to exercise judgment and discretion where appropriate
- Highly organised, with ability to work under pressure and to tight deadlines
- Flexible team player who can work autonomously
- Security architecture and security technology design
- Strong understanding of data and voice networks
- Business Continuity
- Initiative, Resourceful
- Flexibility and Agility. Able to multi-task and deliver
- Results orientated
- Experience of forensics and incident management; full incident response, chain of custody and engagement with legal and law enforcement
The legal bit.
If you send us your CV we'll use your details when we’re looking at your application for this job. We'll also store your CV for six months in case any roles that we think you'd be a great fit for become available.