Information Security Risk Analyst

Southampton, Hampshire, England, United Kingdom

May 2, 2024

The Information Security Risk Analyst role sits within the Risk Department in the second line of defence. The Risk Department is responsible for developing the risk management framework for the business, challenging activities and reports from the first line and monitoring and reporting on risks and controls to the relevant committees, ensuring that the first line continues to operate within the risk appetite and tolerances that have been set.

Role purpose

  • The Information Security Risk Analyst will support and report directly into the Head of Information Security Risk but will have exposure across the Bank to the management of Starling’s information security risks.
  • The role holder will perform assurance of the information security and resilience of Starling Bank, our technology, people and processes.

Requirements

Key responsibilities

  • Provide technical oversight of information security, ensuring risks are identified, managed and escalated appropriately.
  • Assure the resilience and security of Starling Bank’s technology operation using all techniques, from inspection and interview to direct testing and scripted checks.
  • Provide sound evaluation of issues, incidents and vulnerabilities and experienced technology opinion to the risk department as a whole.
  • Challenge potential flaws or vulnerabilities in process, architecture or code, both directly with first line staff and indirectly via review process.
  • Work with first line to improve controls and risk management in line with strategic objectives, regulatory requirements and the evolving threat landscape.
  • Establish strong relationships with our engineers, security team, and leadership.

Behaviours and Competencies

You will have the ability to apply a risk-based approach to challenge the first line across security domains, and have practical expertise in several of the following areas:

  • Awareness of the technology-related risks a bank may face. Ideally including hands-on experience of technology in a fintech or a tech-focused organisation.
  • Experience of managing the regulatory and compliance challenges in financial services or another heavily regulated sector.
  • Security in a cloud environment (AWS, GCP), working with containerisation, microservices, serverless and infrastructure-as-code.
  • Ability to determine how to test hypotheses and make sensible cost and benefit trade-offs in determining what tests and resulting changes are warranted.
  • Engaging directly with engineers, reviewing and testing source code and performing manual or automated application security testing effectively as part of CI/CD pipelines.
  • Programming skills including but not limited to Java, Python, SQL, Kotlin and Swift.
  • Security logging, monitoring and alerting, including configuration and review of detection rules.
  • Ability to understand and evaluate findings from penetration testing, bug bounties and responsible disclosure programmes from an assurance perspective.
  • Familiarity with vulnerability and configuration scanning tools, and auditing patch management.
  • Good interpersonal skills with ability to challenge in a positive manner and handle difficult situations.
  • Be self-motivated, enjoy problem solving and want to continue to learn and develop.

Benefits

  • 33 days holiday (including public hols). You’ll also get your birthday on us
  • 16 hours paid volunteering time a year
  • Family friendly leave policies
  • Private Medical Insurance with VitalityHealth
  • We have many varied social groups set up and run by our employees - ForTheWin (a gaming group), Starling FC, book club and many more!
  • Discounts on cinema tickets, restaurants, shopping and train tickets via a Perkbox membership
  • Access to ‘salary sacrifice’ benefits such as Cycle to Work scheme
  • Gym membership options
  • Season ticket travel options
  • Full details are available on our careers site

About us:

We are a leading digital bank on a mission to disrupt the banking industry. We’ve built an app with smart money management tools to help our customers live a healthier financial life. We also offer groundbreaking B2B banking and payments services.

Since our launch in 2014, we’ve opened almost three million accounts including 480,000 business accounts for small and medium-sized enterprises (SMEs).

We’re a fully licensed UK bank and we have the culture and spirit of a fast-moving, disruptive technology company. We’ve been voted Best Current Account for the last five years running, named Which? Banking Provider of the Year for the last two and we were the most switched to bank in 2021. We employ more than 1,800 people across our London, Southampton and Cardiff offices.

Starling Bank is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over our use of your personal information.