Hours: Salary: £48,050 Per Annum Closing Date: Wed, 13 Nov 2024 We are seeking an experienced, skilled and motivated Information Security Specialist to join our dynamic Information Security team. As an Information Security Specialist, you will be responsible for policy development, standards implementation, compliance management, risk management, security testing and promoting positive security culture and behaviours across Skipton Building Society. About Skipton Building Society At Skipton Building Society we are not just another Financial Services Institution, we are a mutual organisation, which means we are owned by our members and believe in placing them at the heart of everything we do. The same goes for our people. We can only be successful as a business if we have great people. We’re committed to creating a diverse and inclusive workplace where every colleague has an opportunity to fulfil their career potential. We respect and appreciate the value that our colleagues’ unique differences can bring and offer consideration for anyone seeking a more flexible work-life balance. Our colleagues say Skipton's a great place to work, and you could be one of them, bringing with you new ideas on how we can keep customers at the heart of what we do. Whatever your background, and whatever your goals, we'll help you take the next step towards a better future. What Will You Be Doing? Developing, reviewing, and maintaining our information security policies, standards and procedures in alignment with industry and regulatory frameworks such as ISO27001 and NIST. Collaborating with stakeholders to ensure policies and standards reflect industry best practices and comply with regulatory requirements. Serving as a subject matter expert and trusted advisor on information security, providing guidance and recommendations across the business Monitoring and measuring our security control effectiveness based on thorough, scheduled testing throughout the Society. Supporting risk assessments and audits to identify areas of non-compliance and providing recommendations for remediation. Maintaining and improving our internal vulnerability management schedule. Working with our trusted, independent partners to manage scheduled penetration testing of our critical infrastructure and applications. Supporting third-party security risk assessments, including due diligence, vendor onboarding, and ongoing monitoring. Collaborating with internal teams to provide guidance and support on information security matters, including security behaviours and culture training and incident response. What Do We Need From You? Knowledge: Proficiency in creating and maintaining information security policies and procedures to a high-quality standard. Strong, practical knowledge and experience with ISO27001 and NIST frameworks, including implementation and compliance analysis. A good understanding of regulatory requirements, such as GDPR, PRA/FCA, PCI DSS etc. Broad and comprehensive knowledge of common information security technologies, tools, and best practices (i.e. Microsoft Azure, Vulnerability Management, Incident Management, Risk Analysis, Security Awareness and Training etc.) Understanding of using emerging cyber threats to drive a continuous security improvement program. Experience: A minimum of four years in an information security role or a similar position is required. Proven expertise in risk management and responding to cybersecurity incidents. Extensive experience with vulnerability management and conducting penetration testing programs, including the use of tools like Qualys or Tenable. Demonstrated skill in monitoring and evaluating the effectiveness of security controls against standards. Exceptional analytical and problem-solving abilities, capable of assessing risks and formulating practical solutions. Experience in creating and implementing a robust security behavior and culture program. Prior experience in managing third-party supplier risk is also necessary. Behaviours: Strong written and verbal communication skills with an ability to interact with stakeholders at all levels of the business. Motivated, self-directed with the ability to work effectively and efficiently without extensive supervision. A creative and proactive approach to continuous learning and professional development. Qualifications: Degree in Cybersecurity, Information Technology or a related field (or equivalent experience) Relevant certifications such as CISM, CISSP, ISO27001 Lead Implementer/Auditor or similar Why Work For Us? Skipton values work/life balance and we are proud to support hybrid and flexible working, where possible. We have a newly refurbished head office which offers a vibrant and collaborative working space. We have a range of other benefits available to you including: Annual discretionary bonus scheme 25 days standard annual leave bank holidays rising 1 day per year of service to a maximum of 30 days. Holiday trading scheme allowing you to buy and sell additional annual leave days. Matching employer pension contribution (up to 10% per annum) Colleague mortgage (conditions apply) Salary sacrifice scheme for hybrid & electric car Private medical insurance for all our colleagues 3 paid volunteering days per annum A commitment to training and development. We care about your health and wellbeing – we provide a range of benefits that support this including cycle to work initiative and discounted gym membership. Diverse and inclusive colleague networks available for you to join including our Carers and Pride Alliance groups. Due to the importance of this vacancy, we will be conducting interviews with suitable candidates before the application closure date. There will be a telephone interview where you get to find out more about the role and then a second stage interview with the hiring team which will be competency based with a choice of presentation.