About the role

We’re looking for a Lead Information Security Analyst to join our existing security team. We're looking for someone who understands information security risks, can assess capabilities, and can help Nucleus deliver a service that can be trusted. The Lead Information Security Analyst must be able to collaborate with teams across Nucleus, and our outsource partners, to ensure we are effectively managing our information security risks, and line manage a security analysis team.

The Information Security team aims to make sure that Nucleus is a trusted partner to the firms and people we work with. Being able to demonstrate that we understand and manage our risks, through clear and structured reporting, is a key component of building that trust. You'll have experience building and maintaining security risk management programmes, assessing maturity levels, identifying areas for improvement, and turning these individual components into something that shows the bigger picture for the whole group.

Understanding our ability to withstand threats is a critical capability for Nucleus. This is an opportunity to help influence how we meet expectations from customers and regulators, to show that they can rely on Nucleus as a trusted partner. You’ll work with SMEs across Nucleus to analyse existing controls, identify potential sources of harm, conduct tabletop exercises to test assumptions, and maintain an effective audit trail through reporting. This includes reviewing and working with our outsource partners and vendors that form our supply chain.

Responsibilities

- Working with teams to document security controls
- Using that information to improve our understanding of our wider security capabilities
- Ensure training is in place that embeds security thinking into how Nucleus works
- Support Audit and Due Diligence activities to help demonstrate Nucleus’s capabilities.
- Working with other teams who perform oversight in related areas including Data Governance, Operational Resilience, and Vendor Management
- Conducting tabletop exercises to validate assumptions
- Developing continuous improvement plans for ourselves and other teams
- Demonstrating our approach to interested parties, including auditors and regulators
- Support security assessments within other members of the Nucleus Group, to ensure Nucleus has an end-to-end understanding of our exposures and capabilities.
- Manage an information security analysis team, producing relevant metrics & reporting.
- Help maintain the information security policy suite
- Support the oversight of Critical Outsource Partners
- Working with Security Operations and Application Security to define standards that ensure Nucleus continues to manage our security risks effectively.
- Take responsibility in everything you do to deliver good outcomes for our customers
- Positively demonstrate the Nucleus Smart, Heart and Courage values and behaviours
- Ensure compliance with Code of Conduct at all times

We currently use the NIST Cyber Security Framework as the basis for our security maturity assessments.

About you

Your friends would probably describe you as the trusted one. You’ll be the type of person who is passionate about making sure information is clear, detailed and accurate. You’ll enjoy working with subject matter experts to understand their processes, improving documentation and making sure tasks are delivered in a timely manner. You will see challenges as opportunities for continuous improvement, maintaining best practices that enable us to deliver excellent customer experiences every day. You’ll enjoy working within a fast-paced environment that gives you the opportunity to multi-task within set deadlines. Professional with a positive outlook, you’ll take great pride in your ability to act on your own initiative and remain flexible in changing circumstances and priorities.
You’ll also enjoy working as part of a diverse and supportive team, collaborating with your colleagues to share ideas and knowledge and suggest improvements.

At Nucleus, we’ve always placed high value on cultural contribution and growing our diversity of thought, over technical capability. But it would be great if you had some of the following:

- Able to build and maintain a structured approach to managing information security risks, such as an ISMS
- Experience in managing supply chain security risks through Vendor Risk Assessments and Due Diligence
- Able to conduct exercises to understand risks, such as Threat Modelling and Security Maturity Assessments
- Experience gaining and maintaining certification such as CyberEssentials or ISO27001
- Focused on delivering positive outcomes
- Experience of project management, documentation and reporting is beneficial
- A team player, approachable, helpful and willing to go the extra mile
- Knowledge of using collaboration tools such as Jira, Wiki, M365
- An excellent communicator, able to discuss security effectively with areas of the business.
- Significant Information Security experience, preferably within financial services.
- Able to understand other people’s views and provide appropriate challenges to ensure our Information Security risks are effectively managed.
- Ownership of tasks, attention to detail and following through to conclusion.
- Ability to prioritise and remain agile with competing work demands.
- Excellent attention to detail

A little about us

We are the Nucleus Financial Platforms group and we help make retirement more rewarding. Here at Nucleus, people come first - whether it’s our colleagues, or the advisers and customers we support, we know that working in partnership and collaboration leads to the best outcomes. Together, we’ve shaped the platform to how it is today. We work hard, and we celebrate hard too.
Our ambition is to create a platform with a difference. Putting the customer centre stage meant tearing up the rule book and starting from scratch. We’ve come a long way since then, but our mission remains just as focused. That’s why our culture, values, and social responsibility are things we keep at the top of our agenda – because we know they matter and have a big impact.

Our culture is one of the many things that sets us apart from the pack. We want to have an environment where our people feel that they can make a real difference, know they’ll be rewarded for their efforts and, more importantly, enjoy themselves at work. Are we a perfect match? Check out this video and find out.

Inclusion and diversity at Nucleus

As with most things in life, who cares, wins. We really care about inclusion. For us it’s not a tick box exercise; inclusion and diversity are embedded in our culture and everything we do. It’s a commercial imperative. It isn’t about being PC. It’s about being future-relevant and durable. We owe it to ourselves and the industry to ensure we are playing our part in creating a fair, balanced and transparent financial services sector. More diversity means broader experience, a wider set of perspectives and a better collective ability to problem-solve. And it means being more representative of customer groups, which supports areas such as product development.

At Nucleus, we offer a generous blend of benefits for the things that really matter to our people, including a non-contributory pension, bonus, enhanced parental leave, paid time off for emergencies, health and wellbeing initiatives and flexible working options.

If you’d like to find out more about us or the role, please get in touch with Hannah in our people team.