Cyber Assurance Analyst

London

Applications have closed

Financial Conduct Authority

The Financial Conduct Authority is the conduct regulator for around 50,000 financial services firms and financial markets in the UK and the prudential supervisor for 48,000 firms


Cyber Assurance Analyst

Salary: National ranging from £55,200 to £65,000 and London from £60,000 to £75,000 per annum

Are you interested in joining a team that will help shape and deliver the future of Cyber Security at the FCA?  

  

The team/department 

Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. 'Cyber security' means the protection of the FCA's data and systems from malicious activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions. C&IR is now part of a newly formed Directorate led by our CISO, Director of Cyber & Operational Resilience Division.

The role is based in the Operational Assurance team, which is responsible for the FCA & PSR's cyber assurance activities, working to determine that correct cyber governance and control measures are in place.

The team conducts thorough reviews and testing to confirm the appropriate application (whether through technology, process, or behaviour) of the policies and the secure operation of the FCA/PSR’s systems and the information and data thereon.

What you will be doing (the role) 

We are seeking a highly skilled Cyber Assurance Analyst to join our team and contribute to the ongoing efforts in assessing and improving the cyber security posture of the FCA.

The ideal candidate will possess a strong understanding of cyber assurance practices, emerging threats, and risk management practices.

They will perform comprehensive security assessments, provide insightful recommendations, and offer guidance to the FCA to enhance their cyber resilience.

  • Conduct cyber security assessments and evaluate the effectiveness of the FCA's defence strategies, incident response plans and control measures

  • Review existing cyber security policies, procedures, and frameworks to ensure compliance with applicable regulations, best practices, and industry standards

  • Scope and manage pentest engagements, and identify vulnerabilities, threats and risk exposures that may pose a threat to the FCA's data security and operational stability

  • Collaborate with internal Audit, Risk and Policy and Governance and Compliance teams to establish effective guidelines, compliance and good practices to enhance the cyber security posture

  • Develop and maintain cyber assurance metrics, tracking progress and improvements of the FCA's cyber resilience over time

  • Enhance the Cyber Assurance Framework by documenting key assurance processes, the compliance regime and assessment methodologies for FCA security controls

  • Engage with stakeholders of all levels and translate security vulnerabilities into layman’s terms for more senior stakeholders

What you will get from the role 

Working for the FCA allows you to specialise in the unique cyber security challenges faced by the financial services industry.

Through your role as a cyber assurance professional, you will develop a comprehensive understanding of cybersecurity principles and practices that can be applied across various environments covering emerging security technologies.

Working for the FCA can provide networking opportunities with professionals across the financial services sector as well as world-leading cyber security vendors. You will have the chance to collaborate with industry leaders, attend conferences, and participate in working groups and forums, which can contribute to your professional growth and expand your network.

Career progression is paramount to the success of the FCA, as there will be potential opportunities to progress to more senior roles as you develop.

Overall, a cyber assurance role at the FCA offers a unique blend of industry-specific expertise, regulatory knowledge, and professional growth opportunities that can significantly enhance your cyber security career.

Our competitive flexible benefits scheme gives you the opportunity to create a personalised benefits package, tailored to suit your lifecycle. You can use this allowance to purchase additional benefits such as dental or cycle to work, or you have the option to top up your base salary by taking this as cash.

Core benefits that you will receive as standard are: 

  • 25 days holiday per year plus bank holidays

  • Private healthcare with Bupa 

  • A non-contributory Pension of at least 8% of basic salary each month (there are several contribution levels that increase depending on your age – up to 12% a month once you reach age 35) 

  • Life assurance of eight times your basic salary 

  • Income protection 

We support hybrid working which means you will be able to work from home up to 60% of the time over a month with the remainder of your time in one of our three office locations. 

The skills and experience you will have 

Minimum  

We are a signatory to the Government’s Disability Confident scheme. This means that we will offer an interview to disabled candidates entering under the scheme, should they meet the minimum criteria for a role. 

  • Proven experience working in vulnerability management and post-incident reviews, and able to support security projects and BAU initiatives

  • Proven experience of inputting from an SME perspective, validating security controls in alignment with policies and standards

  • Proven experience of carrying out audits, managing pentest engagements, documenting findings, and providing sound recommendations to management. Also lead on pentest vendor procurement exercises to ensure we are using the best of breed and taking full advantage of innovative ways of testing

Essential 

  • Role-specific know-how, transferrable skills, elements of core skills and behaviours that are essential to the role, referring to our Capability Framework as a source of information to help you design your criteria  

  • Good understanding of cybersecurity frameworks and regulations (e.g. NIST Cybersecurity Framework, ISO27001, PCI-DSS, CIS, GDPR etc.)

  • Proficient in performing cyber security risk assessments and vulnerability assessments, scoping and managing end-to-end pen test engagements with key stakeholders, and post-incident analysis, and able to understand penetration testing reports

  • Strong analytical skills with the ability to identify vulnerabilities, analyse threats, and propose appropriate mitigation strategies

  • Excellent written and verbal communication skills with the ability to prepare concise Cyber reports, deliver effective presentations and produce well-structured security procedures and standards

  • Strong interpersonal skills to collaborate with internal and external stakeholders and build effective working relationships

  • Understanding of cloud platforms such as Azure, AWS and Salesforce etc

  • Understanding and use of security tooling such as Qualys and Nessus (vulnerability management tooling); RiskRecon, Bitsight and Toro (third-party risk management tools); security reporting dashboarding tools; and open-source vulnerability tools. Familiar with Jira and ServiceNow or similar

  • Professional certifications such as CompTIA Security+, CISA, SSCP, ECSA, CRISC or similar

About the FCA  

The FCA regulates the conduct of 50,000 firms in the UK to ensure our financial markets are honest, fair, and competitive. We do this to make sure markets work well for individuals, businesses, and the economy. For more information on what we do, our three-year strategy can be found here. 

The FCA's Values & Diversity

Our ambition is to cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation, and delivers better regulation. 

The FCA is committed to achieving greater diversity across all levels of the organisation. Given this, we particularly welcome applications from women, disabled and minority ethnic candidates for our senior associate role.

  

Flexible working

We welcome applications from candidates who are looking for flexible arrangements.  Many of our staff work flexibly including working part-time, staggered hours, and job shares.  We can’t promise to give you exactly what you want but we won’t judge you for asking.   
 

Multi-location

As part of the FCA’s on-going commitment to develop our national presence, most of our vacancies are now open to working in our Edinburgh, Leeds, or London offices.  This means that as part of the application process you will be able to select your preference of which office location you would like to work from.  

Useful information 

Applications for this role close at 23:39 on 21st October 2024

This role is graded as Senior Associate - Regulatory

Got a question?   

If you are interested in learning more about the role please contact: 

For internal applicants, please contact Katie Ayling at katie.ayling@fca.org.uk

For external applicants, please contact Asha Gladis at asha.gladis@fca.org.uk

What to expect from our interview process 

The assessment process consists of an initial screening call with one of our Recruitment Partners or Hiring Managers. If successful, you will be invited to attend a competency-based interview.

Security Clearance/Vetting  

The successful candidate will hold or will be required to obtain Security Clearance (SC) level vetting.

Please note that all applications must be submitted through our online portal; applications sent via email will not be accepted.

  
