Technology Risk Analyst

Hello, we’re Starling. We built a new kind of bank because we knew technology had the power to help people save, spend and manage their money in a new and transformative way. We’re a fully licensed UK bank with the culture and spirit of a fast-moving, disruptive tech company. We’re a bank, but better: fairer, easier to use and designed to demystify money for everyone. We employ more than 3,000 people across our London, Southampton, Cardiff and Manchester offices. 

Role purpose

• The Technology Risk Analyst will support and report directly into the Head of Information Security Risk but will have exposure across the Bank to the management of Starling’s technology risks.
• The role holder will perform oversight, challenge and assurance of the performance, security and operational resilience of Starling Bank, our technology, people and processes.

About the role

• Provide technical oversight of technology (cyber security, software engineering, and data management), ensuring risks are identified, managed and escalated appropriately.
• Provide guidance on risk identification and control design for key emerging areas such as artificial intelligence 
• Assure the operational and cyber resilience of Starling Bank’s technology operation by all techniques from inspection, interview to direct testing and scripted checks.
• Provide sound evaluation of issues, incidents and vulnerabilities and technology opinion to the risk department as a whole.
• Challenge potential flaws or weaknesses in process, architecture or systems, both directly with first line staff and indirectly via review process.
• Work with first line to improve controls and risk management in-line with strategic objectives, regulatory requirements and evolving threat landscape.
• Establish strong relationships with our engineers, data scientists, cyber security team, and leadership.

Requirements

You will have the ability to apply a risk-based approach to challenge the first line across security domains, and have expertise in several of the following areas:

• Experience within a regulated industry such as financial services or similarly regulated sectors.

• Ability to assess and test technology control effectiveness through the lifecycle from design to implementation and monitoring.
• Background conducting assurance or audit on application/system risk assessments, a bonus if this includes machine learning and artificial intelligence systems.
• Experience with cloud architecture, threat modelling, simulation exercises and risk assessments.
• Past experience working in a Technology Risk & Control function preferably focused on emerging technology
• Have been involved in designing and developing Technology controls including Information Security, Systems Management, Third party, and Data Privacy.
• Working knowledge of key technology related frameworks and international standards, such as ISO 2700x, NIST CSF, NIST AI RMF, COBIT and PCI-DSS.
• Engaging directly with engineers, reviewing source code and testing approaches as part of CICD pipelines.
• Ability to understand and evaluate findings from penetration testing, vulnerability and configuration scanning tools, and auditing patch management.
• Knowledge of assessing controls in the context of cloud environments, containerisation, microservices, and infrastructure-as-code.

• Good interpersonal skills with ability to challenge in a positive manner and handle difficult situations. 
• Be self motivated, enjoy problem solving and want to continue to learn and develop.

Benefits

• 25 days holiday (plus take your public holiday allowance whenever works best for you)
• An extra day’s holiday for your birthday
• Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
• 16 hours paid volunteering time a year
• Salary sacrifice, company enhanced pension scheme
• Life insurance at 4x your salary & group income protection
• Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
• Generous family-friendly policies
• Incentivised refer a friend scheme
• Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
• Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can’t accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren’t sure if you're 100% there yet, get in touch anyway.

We’re on a mission to radically reshape banking – and that starts with our brilliant team. Whatever came before, we’re proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling Bank is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.