Security Consultant - Governance, Risk & Control (GRC), Head Office Swindon
£42,370 - £61,201 a year on a Full time, permanent contract.
Send in your application by 12th of December 2018.
Nationwide's reputation depends on the trust of our members and the desire of staff to do the right thing. The ever-increasing importance of our members' data and interactions brings exposure to a growing number of issues and challenges across the organisation, including the threat of a cyber-attack.
As a Security Consultant you will be working in a newly formed, ambitious, well-respected and fast-paced team. You will be responsible for the execution of the information risk assessment methodology and aiding our Communities in the assessment and management of security risks within their business services. You'll have well-developed interpersonal skills and be able to build and maintain the right relationships within Nationwide Communities and our Security teams. This will ensure that risk assessments are performed on a BAU basis and during the significant changes planned in our Big Investment - all in accordance with recognised industry practices.
Be unique. Be authentic. However you prefer to say it, we really mean it. Our culture
embraces people’s diverse perspectives and creates a positive environment where everyone
belongs. We’re determined to build a better, more connected world for everyone.
As a building society, we're run for and on behalf of our members. Not shareholders. This means that we reinvest our profits back into products and services to improve our members' lives. It also allows us to invest in the latest security technology whilst being at the cutting edge of API, Cloud, Agile and DevOps ecosystems.
Who we're looking for
The successful person will have or be able to demonstrate:
Ability to simplify complex technical subjects into quantitative and qualitative business terminology
Strong analytical and communication skills with the ability to advise, influence, persuade and prioritise and measure success
Excellent and proven relationship management and stakeholder management skills, including the ability to provide constructive challenge to all stakeholders
Demonstrable practical experience in information risk assessment
Self-motivated with evidenceable experience of embracing and managing security change
Understanding of the relationship between security, operational resilience and control functions
Flexible approach to working and embracing new working concepts
Proven experience of providing, executing and overseeing security risk management methodologies in enterprise environments and advising on associated control requirements
Strong attention to detail, with excellent analytical skills
Demonstrable well-developed written and presentation skills
CISSP, CISM, CRISC or equivalent experience
It would be nice if you also had:
Experience of the financial services sector
Exposure to and knowledge of information assurance procedures
Practitioner experience of Information and IT security controls
Public speaking experience
Knowledge of Cloud Security
Experience with GRC Technologies and Processes
Experience with Agile ways of working
What you'll be doing
Working alongside the Security Manager for Information Risk in Security, you will be an influencer in a mindset shift in the department and the wider organisation. You will have accountability for the implementation and execution of the information risk assessment methodology as part of department-wide change initiatives.
You will be accountable for:
supporting and accelerating the development of the information risk assessment toolkit and methodology
delivering continued enhancement and operation of an appropriate risk management methodology and associated processes
ensuring appropriate risk management and technical responses are identified and prioritised
supporting the development and performance of business impact assessments
ensuring information risk management processes are aligned with the wider organisational risk management approach
building effective relationships with stakeholders within the Society to establish the team as a trusted advisor in information risk management
engaging with business communities to help embed and execute information risk assessments for the Society's information assets
supporting the maturation of the security governance, risk and controls framework
managing central risk registers and influencing control improvements.