Do you want to be part of a force for good, helping to make life better for customers & society in the moments that matter? At Hodge, we put people at the heart of our business and that means our customers, colleagues and communities. Hodge is a Welsh financial service provider that focuses on commercial lending and specialist residential mortgage markets.
Under the overall management of the Security Architect, lead the Cyber Security team to ensure that all internal and external applications, infrastructure, and data are managed in line with cyber and information security best practice and that the estate is proactively upgraded and maintained.
Lead the Cyber Security engagement and activity across Hodge to ensure that new and amended services are built and taken live with the appropriate level of control. Engage with internal and external stakeholders to drive continual improvement of cyber security and related practices.
Minimum Requirements:
* Experience of working to recognized cyber security and risk frameworks
Key Responsibilities:
Cyber Security Operation:
* Manage implementation and ongoing operation of appropriate cyber security toolset covering user, infrastructure and application activity.
* Manage implementation and operation of vulnerability management processes across applications and infrastructure.
* Work with outsourced security providers to ensure work being undertaken is of required standard and appropriate reporting is available.
* Develop, maintain and manage the Security Controls Catalogue to ensure consistent reporting of risks and controls, and alignment to best practice.
* Develop, maintain and manage the Security Roadmap to provide visibility and control of ongoing security enhancements.
* Ensure that all evidence of controls and cyber operations is maintained to support external and internal audit assessments.
* Ensure appropriate documentation is maintained to support current and future activity.
* Ensure work includes appropriate quality control mechanisms and automated reporting.
* Lead the security awareness programme for Hodge colleagues ensuring that ongoing learning materials are developed and enhanced as required. Undertake regular testing exercises with colleagues to measure assimilation and awareness.
* Manage Blue and Red team exercises to ensure existing technical controls and processes are effective, coordinating any remedial work required.
* Ensure that Cyber security activity undertaken supports visibility, transparency and suitable metrics on cyber controls and activity.
* Undertake assurance assessments of third-party suppliers.
* Manage and report the benefits, risks and alternatives of relevant frameworks, tools and languages.
* Review work of other cyber team members to ensure quality standards are maintained and knowledge is transferred.
* Work with IS Service Delivery and Development teams to assist in the investigation and resolution of live issues and to support BAU activity.
* Work with IS Service Delivery team to ensure Service Transition controls and documentation are provided in line with agreed Service Transition framework.
Project and Change Support:
* Work with Service Delivery and Technology Project colleagues on implementation and planning of cyber related tools and projects.
* Work with business and IT stakeholders to ensure security provision and tools align with short and longer-term goals.
* Work with software and delivery teams to provide cyber security and controls guidance across development and infrastructure projects.
* Engage with software teams to define controls to be applied as part of software development and delivery.
* Work with delivery teams to agree security NFRs (authentication, confidentiality, integrity, etc.) and ensure required operational controls are defined, agreed, tested and implemented.
* Engage with external suppliers to utilize external expertise where required across delivery and live operation.
* Understand core architectural patterns, frameworks and architecture used by Hodge and understand the security implications.
* Develop and implement threat modeling and risk analysis framework.
* Ensure that defined security standards are applied to all work undertaken (e.g. password policy, authentication standards).
* Work with 3rd party suppliers to manage penetration test planning, execution and evaluation of results.
* Engage with and contribute to relevant cyber and tech community forums.
* Line management responsibility for Cyber Security Analysts and Engineers.
* Advise and coach other team members to aid their technical and team development.
* Proactively investigate technology landscape and best practice to identify improvements.
* Maintain a knowledge of current Cyber technologies and best practice to identify improvements.
* Engage with external parties to share and improve knowledge.
* Progress formal training and certification in relevant technologies and disciplines.
General Responsibilities:
* Comply with all company policies and procedures and legislative and regulatory requirements, including, but not exhaustively, those related to GDPR, Money Laundering, Health & Safety, PRA/FCA regulations, employment and other legislative requirements (as applicable).
* Undertake any other reasonable tasks as and when requested by senior management.
* Develop and maintain an up-to-date knowledge of Compliance & Risk regulatory and legislative information related to products/services (e.g. PRA/FCA rules, Data Protection, Money Laundering, etc.), as advised by line management.
* Support the risk culture of the organisation by taking personal responsibility for identifying and managing risks in everything you do.
Please be aware that should we pursue your application, all our Financial Services employees will be expected to complete background checks to assess suitability for employment. These include criminal record, identity, sanctions, adverse finance, fraud prevention and reference checks to comply with our regulatory requirements.
Hodge is an advocate of being an equal opportunities employer. We believe in promoting equality and diversity which is central to our lives today. We welcome applications from all sections of the community and recognize the value a diverse workforce brings to an organisation.
ESG and sustainability are at the heart of everything we do and serve as a reminder of the responsibility we have to our stakeholders, customers, colleagues and the communities we operate in to use our position wisely. We’re currently exploring different certifications available and have done an initial review of how we think we’d fare, as we see this as a real opportunity for Hodge given our social purpose.
Apply today to become part of Hodge’s mission to make life better for customers and society in the moments that matter.