Information Security Analyst
United Kingdom - Remote•United KingdomEurope•May 2, 2024
About us
ClearBank was built on the belief that banking infrastructure would no longer slow down progress. Instead, it’s the catalyst that unlocks the potential to innovate. That’s why our clients — financial institutions from fintech’s and crypto platforms, to banks and credit unions — use our API to power their banking infrastructure.
But we wouldn’t be ClearBank without our people. They’re what powers our innovative technology and the reason we love what we do every day. We’re a group of spirited people who are never afraid to challenge the norm – becoming stronger, more energised, and that much better when we’re together. It’s our belief in fairness, autonomy and choice that means our people are empowered with the tools to learn, grow, and contribute to ours and our clients’ success. Interested in joining us? Read on or visit our website for more information.
The role
You’ll be joining the Information Security team as a Security Governance, Risk & Compliance (GRC) Analyst. Reporting to the Security GRC Senior Analyst within the InfoSec team, you’ll be a part of a fast-growing business that is challenging the market and doing things differently.
Working closely with commercial, Legal, and technical teams, you will be expected to draw on your knowledge, experience and formal training to monitor and verify adherence to internal and external security frameworks, to assess and advise on the security of ClearBank’s partners and suppliers, and to support in the assessment, management and reporting of security risks.
We’re looking for an all-rounder who is motivated by a fast-paced environment and isn’t afraid to bring new ideas to the team. And you’ll be joining the #1 fastest-growing tech company in the UK, according to Deloitte Fast 50.
What you’ll do
- Performing security compliance assessments across all areas of the bank, covering both existing and new initiatives, including cybersecurity assessment and risk management activities based on NIST CSF and ISO 27001.
- Support supplier/partner onboarding aspects of the Information Security team, including supplier due diligence, client security questionnaires; RFI/RFP activities and attestation activities.
- Support risk management activities including the identification, categorisation, and prioritisation, as well as the development and maintenance of the security risk register.
- Maintaining independent projects within the GRC function, specifically relating to Insider Threat and Data Leakage Prevention.
- Assist the CISO and Head of Security GRC and general information security issues as required, including interaction with other teams across the bank (e.g. 2nd and 3rd line risk and audit functions).
- Shaping and maintaining internal and external-facing security documentation including policies, procedures, reporting and Security overviews for use in business development.
- Supporting the design and delivery of security training and awareness, including regular company-wide awareness campaigns.
- Maintain awareness of innovative thinking, industry practice and governance around Information Security to identify and pursue opportunities for continuous improvement
Requirements
A bit about you
- Recent experience of working in a similar capacity, ideally within a FinTech/financial services environment.
- Working knowledge of relevant information security and privacy standards and regulations such as ISO 27001, ISO 22301, NIST CSF and GDPR.
- Experience in supplier and third-party security risk management, including working with security questionnaires and performing assessments.
- Knowledge and experience of information security related technologies and practices, especially with regards to cloud technologies (Azure PaaS, IaaS, and Active Directory).
- Sound knowledge and experience of technical and business focussed risk management principles and practices
- Proven hands-on experience working with Microsoft Security Compliance Portal (Purview), specifically relating to Data Subject Access Requests, Data Leakage Prevention, e-Discovery and Insider Threat Management.
- Design, develop, and maintain meaningful metrics and simplified reporting across the security team for senior leadership.
- Ability to discuss technical principles and issues to both technical and non-technical audiences in discussion and written.
- Experience of drafting and maintaining security policies, standards, and control definitions.
- Excellent oral and written communication skills with high attention to detail.
- Strong analytical, organisational and prioritisation skills.
- Enthusiastic and willing to learn new skills and take on new responsibilities.
The legal bit
By submitting your CV you confirm that you can demonstrate you have the right to work in the UK. Regretfully we are not able to sponsor applicants for immigration purposes at the current time. By submitting your CV to ClearBank Limited you are providing your consent for us to use the information you provide for recruitment purposes. For more information on how we manage your data go and check out our Candidate Privacy Notice on the ClearBank website to see how we process, manage and look after your data. You are also allowing us to communicate with you by email and telephone for recruitment purposes.
Benefits
What we offer:
- Competitive salary
- ‘Fresh Air Fridays’ - the flexible option to finish early on a Friday where possible
- 27 days annual leave + bank holidays
- 2 days off per year to do something ‘bigger than ClearBank’ (Charity days)
- Competitive employee benefits and perks
- Remote-first working with access to London and Bristol offices
- A supportive, challenging and agile environment
- You’ll also get to work in one of the most exciting Banks in the market right now!