About Allica Bank
Allica is the UK’s fastest growing company - and the fastest-growing financial technology (Fintech) firm ever. Our purpose is to help established SMEs, one of the last major underserved opportunities in Fintech.
Established SMEs are the backbone of local communities - representing over a third of our economy - yet have been largely neglected both by traditional high street banks and modern fintech providers.
Department Description
The Allica Security team play a key role in protecting the bank and are responsible for all aspects of security surrounding Applications, Infrastructure and Security Operational Policy. Our mission is to provide the best-in-class security to protect the bank. We live and breathe the Allica values and deliver services intelligently using automation, intelligence, and innovation.
Role Description
An experienced Head of IT Security is required to join a fast-paced IT division, to facilitate and enhance all aspects of security within the bank.
The role will have responsibility for identifying potential threats, proposing and implementing mitigative activities and managing these items through to delivery.
Using a rich source of Application and Network data, you will have experience of designing and implementing effective security monitoring and alerting strategies whilst remaining a very much hands-on approach to driving forward continuous improvement and using your experiences to feed into the wider strategy of enhancing the bank’s IT security further.
Using a combination of third-party tooling and custom solutions to assist you with security threat analysis and detection, you will help drive the security strategy for current and future product implementations. With good mentoring and coaching capabilities, you will help engineering and infrastructure experts adopt a secure by design strategy.
Principal Accountabilities
Strategic Leadership
1. Define and execute a comprehensive, forward-thinking information security strategy that supports decentralized decision-making under centralized governance.
2. Cultivate a security-first culture across the organization, empowering teams to integrate security into their workflows.
3. Collaborate with executive leadership to align security strategies with organizational goals and regulatory requirements.
Security Operations
1. Oversee security operations to monitor, detect, and respond to potential threats in real-time.
2. Lead the establishment of a Security Operations Center (SOC) for continuous monitoring and threat intelligence.
3. Continuously evaluate and enhance security tools, technologies, and processes to stay ahead of evolving threats.
Application and Cloud Security
1. Implement best practices for secure development and deployment of cloud-native applications.
2. Drive adoption of secure coding practices and DevSecOps methodologies across product engineering squads.
3. Establish and manage robust cloud security frameworks that safeguard sensitive data and applications.
Incident Response and Disaster Recovery
1. Develop, implement, and test Cybersecurity Incident Response Plans (CSIRP) and Disaster Recovery Plans (DRP).
2. Lead the response to cybersecurity incidents, ensuring rapid containment and recovery.
3. Conduct post-incident analysis along with the incident team to identify root causes and enhance defenses.
Third-Party Security and Due Diligence
1. Conduct risk assessments and due diligence on third-party vendors and partners.
2. Establish and enforce third-party security standards and monitor compliance.
3. Manage security reviews during vendor onboarding and contract renewals.
Governance, Risk, and Compliance
1. Ensure compliance with relevant regulations (e.g., PCI DSS, GDPR, SOC 2, ISO 27001) and internal policies.
2. Maintain up-to-date knowledge of emerging threats, regulatory changes, and best practices.
3. Establish and report key security metrics to the executive team and board.
Personal Attributes & Experience
1. Proven experience in a senior security leadership role, preferably in fintech or technology sectors.
2. Demonstrated success in building security awareness programs and fostering decentralized accountability.
3. Expertise in security operations, cloud security, application security, and incident response.
4. Relevant certifications such as CISSP, CISM are highly desirable.
5. Strong knowledge of security frameworks (e.g., NIST, CIS, ISO 27001) and compliance standards (e.g., PCI-DSS, PSD2, GDPR).
6. Hands-on experience with security technologies (e.g., SIEM, endpoint protection, cloud security tools).
7. Exceptional leadership and communication skills, with the ability to engage and influence diverse stakeholders.
Working at Allica Bank
At Allica Bank we want to ensure our employees have the right tools and environment in which to succeed in their role and in support of our customers.
Our employees are at the heart of everything we do, so our benefits are designed with you in mind:
1. Full onboarding support and continued development opportunities
2. Options for flexible working
3. Regular social activities
4. Pension contributions
5. Discretionary bonus scheme
6. Private health cover
7. Life assurance
8. Family friendly policies including enhanced Maternity & Paternity leave
Don’t tick every box?
Don’t worry if you don’t have all the skills or requirements listed on the job description. If you think you’ll be a good fit, we’d still love to hear from you!
Flexible working
We know the ‘9-to-5’ isn’t right for everyone. That’s why Allica Bank is fully committed to flexible and hybrid working. Please let us know what is best for you and, if we can, we will do our best to accommodate.
Diversity
We’re a diverse bunch here at Allica, with all kinds of experiences, backgrounds and lifestyles. Our openness and differences make us stronger, and we want everybody to feel comfortable bringing as much of themselves to work with them as they like.
#J-18808-Ljbffr