Cyber Security and Risk Senior Manager, RTGS

Senior Security, Risk and Audit Manager (RTGS) 
Scale D
Permanent, Full-time
Location: Leeds 

Job Description

This role is the centre of expertise in Information Technology Risk and Control for the RTGS Technology Service. The role is complex, requiring gravitas, leadership experience, strategic insight and a collaborative approach. 

A Day in the Role 

Your typical day might begin with a review of any critical information shared by colleagues overnight regarding incidents or changes to cyber risk. If you feel something is of importance you will discuss with the Cyber Division and discuss next steps.

Next up, as a senior manager within the RTGS Technology team you could participate in a cross-functional governance meeting with senior leaders from Technology, Operations, Risk and Audit. You will contribute to this meeting with a short presentation about the current technology risk profile for RTGS and how this is being mitigated with clear time bound actions.

Later in the morning, if a significant incident has occurred you attend the Major Incident Management (MIM) meeting. You are also a key contributor to the post-incident review process to ensure lessons are embedded into practice.

After lunch with colleagues in the staff restaurant you work with your direct report to prepare materials for an upcoming Payments Risk meeting.  You might follow this up with a call to external stakeholders to discuss cyber security for the Critical National Infrastructure that underpins the Service.

Mid-afternoon might see you discussing progress with a programme manager on strategic transformation initiatives—such as RTGS Future Roadmap. You challenge risk interdependencies and ensure alignment with the Bank’s risk appetite.

Towards the end of the day, you review the content that you have prepared for a meeting tomorrow with the RTGS External Auditors that will review our compliance to a variety of regulatory frameworks. 

Role Requirements  

RTGS settles on an average day £800billion and is critical national infrastructure. Each day brings new challenges and opportunities, creating an environment suited for those who work well in a fast-paced setting. An individual whose approach is getting it “right” in tight timescales can make a real difference.

As a Senior member of the RTGS Technology team you will report to the RTGS Technology Service Owner. You are an integral part of the team running our dedicated critical RTGS payments platform.

You will play the lead role in actively driving improvement in overall IT risk identification, management, and reduction within the Service, particularly in relation to threats that could impact the security or resilience of the service. The role will focus on protecting the platforms and demonstrating to stakeholders including Auditors and our Regulators that appropriate governance and control is in place. 

Minimum Criteria

We’re looking for someone who has the following attributes:

• Strong operational track record of successful delivery in audit, risk or technology security roles
• Demonstrable understanding of risk principles, controls, processes, terminology and industry frameworks.
• Strong workload management and delivery, with the ability to work flexibly and adapt rapidly to constantly evolving priorities
• Deep technical understanding of business drivers, IT architecture, constructs, interactions, processes and dependencies
• Build and maintain effective relationships with and influence a variety of internal partners and senior leaders
• Excellent stakeholder leadership skills, to build a network of contacts, to create trust and rapport, persuade and influence at senior management and committee level
• Practical experience of technical audits and processes, including requirements, evidence presentation, management responses and agreeing closure.

Essential Criteria

 We are interested in hearing from candidates who can:

• contribute stability and security to the RTGS service by ensuring that risks are identified and managed in line with Bank Technology Standards.
• Be the prime liaison point between our team and Audit, Enterprise Risk, Financial Markets Infrastructure Division, Payments System Risk and other oversight groups.
• Build and Maintain stakeholder relationships with these groups.
• Develop and maintain a detailed Subject Matter Expert understanding of the RTGS Technical IT & security control environment.
• Represent and delegate for the Technology Service Owner at Risk/Security boards and similar fora.
• Work closely with the Bank’s CISO and Cyber Security Division to ensure that Security controls for RTGS are maintained and effective.
• Provide consulting and mentoring to RTGS Technology Team members on:
  • Mitigating risks and applying effective controls in RTGS
  • Managing and accurately recording risks/issues, including Security points.
• Create regular and efficient risk/audit reporting outputs.
• Operate a regular RTGS Technology Risk working group to maintain continued updates to open risks/actions, and to identify and remediate new issues.
• Liaise with wider Technology Risk team to ensure alignment, and consistency of reporting.
• Lead and develop more junior analysts involved in MI and risk reporting.
• Establish relationships with other payment system risk experts and relevant 3rd party SMEs (e.g. NCSC)

Desirable Criteria

It would also be beneficial, but not necessary, to have some of the following:  

• Experience of working in complex delivery programmes and BAU environments, who is able to act independently with minimal direction
• Experience of planning within a risk management context
• A good understanding of current trends in cyber risk and payments
• Knowledge of Payments or RTGS
• One or more of CISA, CISM, CRISC, CISSP

Don't hesitate to apply if you don't meet all the essential/desirable criteria. We value diverse perspectives and believe that different backgrounds can contribute to our team's success. 

How this role fits into the wider bank:

This role is part of the leadership team of the RTGS Technology domain. It is part of the DG CIO Markets, Banking, Payments & Resolution division within the Technology Directorate. The main internal customer of the team is the Payments Directorate.

Our Approach to Inclusion

The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve. 

 

At the Bank of England, we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work. We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status. We believe that it’s by drawing on different perspectives and experiences that we’ll continue to make the best decisions for the public.

 

We welcome applications from individuals who work flexibly, including job shares and part time working patterns. We've also partnered with external organisations to support us in making adjustments for candidates and employees in the recruitment process where they're needed.

 

For most roles where work can be carried out at home, we aim for colleagues to spend half of their time in the office, with a minimum of 40% per month.  Subject to that minimum requirement, individuals and managers should work together to find what works best for them, their team and stakeholders.

 

Finally, we're proud to be a member of the Disability Confident Scheme. If you wish to apply under this scheme, you should check the box in the ‘Candidate Personal Information’ under the ‘Disability Confident Scheme’ section of the application.

 

Salary and Benefits Information

We encourage flexible working, part time working and job share arrangements.  Part time salary and benefits will be on a pro-rated basis as appropriate.

We offer a salary as follows:

Leeds circa £84,960 - £95,580

In addition, we also offer a comprehensive benefits package as detailed below:

• Currently a non-contributory, career average pension giving you a guaranteed retirement benefit of 1/80th of your annual salary for every year worked. There is the option to increase your pension (to 1/65th) or decrease (to 1/105th) in exchange for salary through our flexible benefits programme each year. The Bank has the discretion to vary standard accrual rates and dial up and dial down rates at any time and to withdraw dial up and dial down options at any time.
• A discretionary performance award based on a current award pool.
• An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.   
• 26 days’ annual leave with option to buy up to 12 additional days through flexible benefits. 
• Private medical insurance and income protection.

 

National Security Vetting Process

Employment in this role will be subject to the National Security Vetting clearance process (and typically can take between 6 to 12 weeks post offer) and the passing of additional Bank security checks in accordance with the Bank policy.  Further information regarding the vetting and security clearance requirements for the role will be provided to the successful applicant, and information about how the Bank processes personal data for these purposes, is set out in the Bank's Privacy Notice.

 

The Bank of England welcomes applications from all candidates, but as a UK Visas and Immigration (UKVI) approved sponsor, we have a responsibility to comply with the Immigration Rules and guidance.  As such, our ability to employ individuals who require sponsorship for immigration purposes is limited.  The Bank cannot guarantee that you and / or the role you are applying for will be eligible for sponsorship and that any application made to UKVI will be successful.  Eligibility will therefore be considered on a case by case basis.

 

The Application Process

Important: Please ensure that you complete the ‘work history’ section and answer ALL the application questions fully. All candidate applications are anonymised to ensure that our hiring managers will not be able to see your personal information, including your CV, when reviewing your application details at the screening stage. It’s therefore really important that you fill out the work history and application form questions, as your answers will form a critical part of the initial selection process.

 

This role closes on Monday 11 August.

 

The assessment process will comprise of two interview stages. 

 

Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail as your application will not be considered if all mandatory questions are not fully completed.