Hello, we’re Starling. We built a new kind of bank because we knew technology had the power to help people save, spend and manage their money in a new and transformative way. We’re a fully licensed UK bank with the culture and spirit of a fast-moving, disruptive tech company. We’re a bank, but better: fairer, easier to use and designed to demystify money for everyone. We employ more than 2,500 people across our London, Southampton, Cardiff and Manchester offices.
The Senior Information Security Risk Analyst will support and report directly into the Head of Information Security Risk but will have exposure across the Bank to the management of Starling’s information security risks. The role holder will perform assurance of the information security and resilience of Starling Bank, our technology, people and processes.
The role sits within the Risk Department in the second line of defence. The Risk Department is responsible for developing the risk management framework for the business, challenging activities and reports from the first line and monitoring and reporting on risks and controls to the relevant committees, ensuring that the first line continues to operate within the risk appetite and tolerances that have been set.
- Provide technical oversight of information security, ensuring risks are identified, managed and escalated appropriately.
- Assure the resilience and security of Starling Bank’s technology operation by all techniques from inspection, interview to direct testing and scripted checks.
- Provide sound evaluation of issues, incidents and vulnerabilities and experienced technology opinion to the risk department as a whole.
- Challenge potential flaws or vulnerabilities in process, architecture or systems, both directly with first line staff and indirectly via review process.
- Work with first line to improve controls and risk management in-line with strategic objectives, regulatory requirements and evolving threat landscape.
- Establish strong relationships with our engineers, security team, and leadership.
You will have the ability to apply a risk-based approach to challenge the first line across security domains, and have expertise in several of the following areas:
- Ability to assess and test cyber security control effectiveness through the lifecycle from design to implementation and monitoring.
- Working knowledge of key information security related frameworks and standards, such as ISO 2700x, NIST CSF, and PCI-DSS.
- Experience of managing the regulatory and compliance challenges in financial services or similarly regulated sectors.
- Knowledge of assessing security risks and appropriate controls in the context of cloud environments (AWS, GCP, Azure), containerisation, microservices, and infrastructure-as-code.
- Engaging directly with engineers, reviewing source code and application security testing approaches as part of CICD pipelines.
- Review of security logging, monitoring and alerting configuration and SIEM rules.
- Ability to understand and evaluate findings from penetration testing, vulnerability and configuration scanning tools, and auditing patch management.
- Good interpersonal skills with ability to challenge in a positive manner and handle difficult situations.
- Be self motivated, enjoy problem solving and want to continue to learn and develop.
- 25 days holiday (plus take your public holiday allowance whenever works best for you)
- An extra day’s holiday for your birthday
- Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
- 16 hours paid volunteering time a year
- Salary sacrifice, company enhanced pension scheme
- Life insurance at 4x your salary & group income protection
- Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
- Generous family-friendly policies
- Incentivised refer a friend scheme
- Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
- Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing
You may be put off applying for a role because you don’t tick every box. Forget that! While we can’t accommodate every flexible working request, we’re always open to discussion. So, if you’re excited about working with us, but aren’t sure if you’re 100% there yet, get in touch anyway.
We’re on a mission to radically reshape banking – and that starts with our brilliant team. Whatever came before, we’re proud to bring together people of all backgrounds and experiences who love working together to solve problems.
Starling Bank is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.
By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.