£650/day to £668/day
City of London, England
Contract, Variable

Cyber Resilience Delivery Specialist - Operational Resilience and DORA

Posted by Qualserv Consulting.

6 Month Contract

Based in London - 2 Days a week on site, 3 Days Remote

Day rate up to £668 per day, inside IR35, via umbrella

Purpose of Job

  • Take the lead in developing, maintaining, and implementing frameworks, policies, and procedures in relation to key areas of cyber resilience, to ensure preparedness for the Digital Operational Resilience Act (DORA) and UK Operational Resilience regime deadlines in 2025. This includes policies and procedures on cyber resilience testing (including penetration testing and exercising), threat-led penetration testing, threat modelling, and information sharing and reporting. These should be consistent with regulatory requirements and industry best practice.
  • Act as a subject matter expert on cyber resilience related matters in relation to regulatory requirements.
  • Lead our second pilot of cyber horizon scanning, developing our strategic reporting capability and enhancing the actionability of insights for the business.
  • Provide appropriate reporting on key project metrics and escalation of identified issues to management in a timely manner, clearly communicating progress and risks.

Background

  • Security and Operations exist to ensure that the Bank's security risks are managed and aligned to business objectives, enable sustained growth and prevent harm, damage or loss to its people, information or assets.
  • This is a project role to support the Cyber Resilience Team, presenting an exciting opportunity to shape our approach to testing and remediation of vulnerabilities to ensure compliance with key regulatory requirements.

Facts/Scale

  • Responsible for identifying policy and process requirements and developing appropriate documentation and processes to support compliance with DORA and UK Operational Resilience.
  • Responsible for providing valuable insight into regulatory expectations, industry approaches and best practice to inform our processes and structures.
  • Responsible for maintaining records and metrics on project progress for cyber resilience deliverables, developing recommendations and ensuring timely escalation of issues.
  • Responsible for delivering our second horizon scanning pilot, refining our reporting and processes based on feedback from Pilot 1.
  • No direct reports.
  • No budget responsibility.

Accountabilities & Responsibilities

  • Delivery of policies, procedures and frameworks in relation to key areas of cyber resilience, to ensure preparedness for the Digital Operational Resilience Act (DORA) and UK Operational Resilience regime deadlines in 2025. These should be compliant with regulatory requirements and incorporate best practice.
  • Delivery of our second horizon scanning pilot, developing our strategic reporting capability and enhancing the actionability of insights for the business. This will refine our reporting and processes based on feedback from Pilot 1.
  • Effective handovers to ensure deliverables are embedded into BAU as part of an ongoing cyber resilience capability.
  • Responsible for reporting on key metrics in relation to the cyber resilience workstream of the DORA and Operational Resilience project, and escalating issues for management attention. This includes providing input into key governance forums.

Knowledge, Skills, Experience & Qualifications

  • Very good knowledge of regulatory requirements under DORA and the UK Operational Resilience regime, with experience of delivering against the requirements of such regulations within regulated financial services.
  • Knowledge & understanding of relevant frameworks such as NIST, ITIL, and ISO27001.
  • Formal security certifications required: CompTIA Security+ minimum, qualifications such as CISSP/CRISC beneficial.
  • Excellent knowledge of industry best practice in relation to cyber resilience and a proven ability to use this to inform effective business solutions, policies, and processes.
  • Degree in computer science or similar, or equivalent work experience.
  • Experience of handling and using cyber threat intelligence to deliver effective solutions to businesses to enhance resilience, within a regulated environment, preferably within financial services. This includes a track record of maintaining confidentiality and effective handling of sensitive information in line with organisational policy.
  • Excellent stakeholder management, communications (both written and verbal) and influencing skills. This includes the ability to work independently or as part of a team, and a demonstrable ability to communicate complex technical issues to a non-technical audience.
  • Strong analytical and problem-solving skills applied to complex technical problems.
  • Demonstrable ability to approach issues strategically, with an ability to develop pragmatic and compliant solutions to cyber security issues.
  • Experience of vulnerability management programmes, including delivery of remediation activity, ideally within financial services, is desirable.
  • Experience of delivering cyber resilience testing, such as penetration testing or cyber exercising, within a regulated corporate environment, preferably financial services, is desirable.

Challenges

The challenges of this role are:

  • Ensuring the Bank's cyber resilience testing capability keeps pace with a rapidly changing threat and regulatory landscape, against a number of regulatory deadlines.
  • Liaising with senior stakeholders with diverse and often conflicting priorities, to ensure testing and remediation efforts are aligned with global efforts and support business objectives whilst meeting regional regulatory requirements.

Due to high demand, we are only able to respond to applications that meet the required criteria.