Information Security Director

Job Description

Starling is the UK’s first and leading digital bank on a mission to fix banking! We built a new kind of bank because we knew technology had the power to help people save, spend and manage their money in a new and transformative way.

We’re a fully licensed UK bank with the culture and spirit of a fast-moving, disruptive tech company. We’re a bank, but better: fairer, easier to use and designed to demystify money for everyone. We employ more than 3,000 people across our London, Southampton, Cardiff and Manchester offices.

Our technologists are at the very heart of Starling and enjoy working in a fast-paced environment that is all about building things, creating new stuff, and disruptive technology that keeps us on the cutting edge of fintech. We operate a flat structure to empower you to make decisions regardless of what your primary responsibilities may be, innovation and collaboration will be at the core of everything you do. Help is never far away in our open culture, you will find support in your team and from across the business, we are in this together!

The way to thrive and shine within Starling is to be a self-driven individual and be able to take full ownership of everything around you: From building things, designing, discovering, to sharing knowledge with your colleagues and making sure all processes are efficient and productive to deliver the best possible results for our customers. Our purpose is underpinned by five Starling values: Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness.

Hybrid Working

We have a Hybrid approach to working here at Starling - our preference is that you’re located within a commutable distance of one of our offices so that we’re able to interact and collaborate in person. In Technology, we’re asking that you attend the office a minimum of 1 day per week.

About the role

Here at Starling we are growing, and we are keen to recruit an Information Security Director as part of our continued investment in Information and Cyber Security capability.  Reporting to the CISO, the Information Security Director will lead the Office of the CISO and act as a line manager to a team of Information Security analyst(s).  The successful candidate will lead the continuous improvement of our Information Security capabilities and governance.

The role will suit an ambitious information security or cyber specialist, with strong team building and leadership skills who aspires to the CISO role in the future.

What you’ll get to do

• Manage and maintain the Information Security Policy Framework across Starling Group that addresses the needs of the Group, its customers, employees and other stakeholders in line with relevant legislation and industry standards.
• Establish and maintain standards for control implementation procedures.
• Liaise with external bodies and organisations to keep abreast of emerging trends, technologies and legislation that have an impact on Information Security.
• Support security controls assessment, and accreditation, e.g. ISO/IEC 27001.
• Manage the input to the Information Security Risk Register and ensure coherence with the Bank’s Risk Management framework.
• Act as point of contact for the second, third line of defense and other stakeholders (e.g. Legal, Regulatory Affairs) and coordinate audit and request response.
• Manage the creation of Board, committees and regulatory engagement meeting material and communication.
• Establish a framework and manage the Information Security reporting capability incl. regular revision of Key Risk and Performance Indicators.
• Support the CISO in the yearly Information Security strategy review and roadmap definition.
• Manage the Information Security related budget.

You will:

• be a Self Starter with the ability to lead, inspire and drive change through an organisation.

• have the ability to be pragmatic while balancing the needs of the Bank against security.

• have an ability to think and plan strategically and systematically while recognizing the need to deliver to the business requirements.

• have previous experience working in a complex IT organisation encompassing service delivery, application development and IT infrastructure.

• an understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001, NIST, Cyber Essentials and COBIT.

• an understanding of legislation and regulations that impact information Security. E.g. Data Protection Act and GDPR, DORA, Freedom of Information Act, PCI DSS.

• Have previous experience in leading, developing and motivating a team.

• An understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats.

• An understanding of Cloud and AI related Security threats and countermeasures.

• A good knowledge of security technologies and wider business solutions including Identity and access management, security monitoring, and data security technologies.

• A good understanding of financial services and awareness of broader requirements.

• Share knowledge and provide guidance on internal bank first line related processes.

• Take responsibility and do the right thing for customers, colleagues and partners.

• It would be great if you have one or more of the following qualifications, but it’s not essential; Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor.

You may be put off applying for a role because you don’t tick every box. Forget that! While we can’t accommodate every flexible working request, we’re always open to discussion. So, if you’re excited about working with us, but aren’t sure if you’re 100% there yet, get in touch anyway.

We’re on a mission to radically reshape banking – and that starts with our brilliant team. Whatever came before, we’re proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Interview Process

Interviewing is a two way process and we want you to have the time and opportunity to get to know us, as much as we are getting to know you! Our interviews are conversational and we want to get the best from you, so come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team:

1. First stage with CISO ~ 45 minutes
2. Second stage with additional members of Infosec Team ~ 1 hour
3. Final stage with CIO ~ 45 minutes

This role will shut for applications on Mon 27th April.

• 33 days holiday (including public holidays, which you can take when it works best for you)
• An extra day’s holiday for your birthday
• Annual leave is increased with length of service, and you can choose to buy or sell
• up to five extra days off
• 16 hours paid volunteering time a year
• Salary sacrifice, company enhanced pension scheme
• Life insurance at 4x your salary & group income protection
• Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
• Generous family-friendly policies
• Incentives refer a friend scheme
• Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
• Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing

About us

You may be put off applying for a role because you don’t tick every box. Forget that! So, if you’re excited about working with us, but aren’t sure if you’re 100% there yet, get in touch anyway. We’re on a mission to radically reshape banking – and that starts with our brilliant team. Whatever came before, we’re proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

When you provide us with this information, you are doing so at your own consent, with full knowledge that we will process this personal data in accordance with our Privacy Notice. By submitting your application, you agree that Starling will collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we will process, where we will process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.