Lead Information and Cyber Security Specialist

At Metro Bank, we believe the best banking experience starts with people who genuinely care. We're not just delivering banking services - we're building trust through authentic connections. Here, our people come first; our colleagues are part of a team that values individuality, collaboration, and long-standing relationships. We are also all about balance so most of our jobs offer the opportunity for hybrid working built around your role and home life, wherever possible.

What You Will Do
As the Lead Information and Cyber Security Specialist you will provide, information security support and oversight service to change initiatives at a variety of scales across the Bank. You will ensure that Information Security risk is managed in accordance with the Bank's Risk Management and Information Security policy frameworks, to inform and direct both tactical and strategic decision making.

• Collaborate with various first line of defence teams to ensure alignment of technology controls to relevant information

security standards

• Support and challenge Information Security control design across IT and the wider business to be as efficient and effective

as possible given the dynamic nature of risk and threat within the banking industry

• Ensure transparency in Information Security decisions made across all programmes and projects that you are supporting
• Support a varied and demanding programme of bank-wide change working with project teams to advise and guide on

information security best practice. You will help ensure that final outputs comply with external best practice, regulation and

internal governance, whilst balancing the specific delivery needs and challenges of the project

• Identify security testing requirements, collaborate with appropriate stakeholders to scope these tests and to ensure that the

business risk associated with any issues identified is incorporated into project risk management and treated in accordance

with the Bank's risk management policies and processes

• Information Security management reporting, specifically within the change and project environment
• When required, deputise for the Head of Information Security Change

And... we are a bank so risk is a part of everything we do. We love people who take responsibility, do the right thing for customers, colleagues and Metro Bank and have the ability to call out any concerns.

What You Will Need

• You must have a strong understanding of information security within the project management lifecycle, alongside a solid

working knowledge of enterprise technology

• You must have a strong risk management background and experience in conducting security risk assessments on projects

and developing security controls

• Specific experience in secure design, build and control methodologies aligned to relevant security standards, e.g.

ISO27001, PCI DSS, NIST

• Demonstrable experience of Agile, DevSecOps, Cloud, containerization, microservices and similar technologies is desirable
• Excellent stakeholder management skills with the ability to distil complex conversations into information that can be

consumed by a non-technical audience to make decisions

• You are able to critically assess regulatory risks applicable to systems and projects within the financial industry against the

wider business and information security risks

• Understand the risks associated with your job and what that means for you, Metro Bank and all our stakeholders

Our promise to you…

• We will make sure that you are well-rewarded by providing you with a competitive salary, discretionary annual bonus, and a wide range of benefits, including generous holiday allowance, attractive pension scheme, healthcare, life assurance, and a number of colleague discounts
• We will give you the training to ensure you succeed in your role and plenty of internal opportunities to progress your career (around 40% of our recruitment comes from internal promotions

Diverse teams really are the best teams. We know that candidates (especially women, research tells us) may be put off applying for a job unless they can tick every box. We also know that 'normal' office hours aren't always doable, and while we can't accommodate every flexible working request we are happy to be asked. So if you are excited about working with us and think you can do much of what we are looking for but aren't sure if you are 100% there yet… why not give it a whirl? Please note that sometimes we may close a job earlier for applications if we are inundated with amazing candidates.. Good luck