Senior Threat & Vulnerability Analyst

Job Title: Senior Threat & Vulnerability Analyst

Contract Type: Permanent

Location: Alderley Edge/Edinburgh

Working style: Hybrid 50% home/office based

Closing date: 7th February 2025

We are expanding our security and resilience team within the CISO office. Over the last few years, we have been on a continuous improvement journey and are looking to expand the team. This new role will allow us to fully enact our threat-led vulnerability management program, risk-assess the rapid uptake of cloud services, drive further improvements across cyber and support our organisational goal of building a secure and resilient mutual. With a security team of more than fifty staff, this new role will continue to enhance our capabilities against an ever-changing cyber threat landscape.

We are seeking a highly skilled and experienced Senior Threat and Vulnerability Analyst to join Royal London. In this role, you will play a critical part in safeguarding our organisation against potential threats and vulnerabilities. Your expertise and strategic thinking will be essential in protecting our sensitive information and ensuring the overall security of our operations.

In this position, you will be responsible for the assessment of vulnerabilities across the Royal London estate. You will help lead on the identification, prioritisation, and remediation tracking of vulnerabilities to ensure that Royal London operates in line with current legislative, regulatory, and business security requirements. You will work closely with cross-functional teams to help them implement security measures and provide guidance on best practices. Additionally, you will need to stay up to date with the evolving cyber threat landscape and proactively research and analyse emerging threats.

This is an excellent opportunity for a meticulous and results-driven professional with a strong background in cybersecurity, and particularly vulnerability management. If you are enthusiastic about protecting sensitive information, customer data and have a proven track record of implementing effective security measures, we would love to hear from you.

 About the role

• Support the Vulnerability Manager in leading a team of patching and vulnerability analysts providing effective leadership whilst also helping support senior management thereby ensuring vulnerabilities are resolved appropriately by remediation teams and within documented SLAs. Provide guidance, support, and mentorship to foster professional growth and maximise individual and team performance.
• Supporting the governance related to this key control.
• Ensuring all regular and out-of-band vulnerabilities are risk assessed against agreed risk thresholds and support the prioritisation and remediation work of teams within documented SLA and compensating controls.
• Help provide regular KRI metrics and reports, along with a clear narrative for non-compliant remediation activities.
• Review and enhance processes and technologies used to support and execute the vulnerability management service.
• Work collaboratively with other Security Leads and the wider IT team to triage and remediate security threats and vulnerabilities within agreed SLAs.
• Collaborate with the incident response team in investigating and responding to security incidents, providing subject matter expertise and support in the use of security technologies to identify, contain, and remediate threats.
• Remain up to date on the latest cyber technologies, threat landscapes and vulnerability exploitation techniques.
• Ability to work on their own but also manage others, including third parties.

About you 

• Proven experience in vulnerability management and application security technologies across an on-prem and Cloud estate. Experience leading a vulnerability management team.

• Strong technical understanding of multiple security domains (Identity and Access Management, Data Protection, Networking, Endpoint Protection, Application Security as well as Security Operations).

• Proficient in using vulnerability management platforms such as Tenable, Kenna, Qualys, or Rapid7.
• Good understanding and practical experience of Cyber Security Frameworks and standards, e.g. NIST.
• Excellent senior stakeholder and 3rd party management skills.
• Strong understanding of information security concepts, technologies, and best practices.
• Excellent problem-solving and analytical skills with effective communication and presentation abilities.
• Working knowledge of OWASP, MITRE, CVSS and other standards/frameworks relevant to vulnerability management.
• Experience in assessing and managing risks and implementing required mitigation strategies.
• Ability to manipulate data, extract insight and provide reporting to key stakeholders for actionable tasks.
• Previous experience of working within a regulated environment in the financial services industry desirable.
• Able to maintain composure and professionalism in pressurised, stressful, and uncertain situations.
• Ability to listen, communicate, constructively challenge, and influence team members, immediate peer group, Operational Resilience function senior leadership team and business management / executives.
• Proactively seek to generate ideas for new ways to improve.
• Understands and accepts the relevance of others’ views and is prepared to change and be open to collaboration.
• Continually analyses and evaluates own performance to identify areas for improvement.
• Takes personal responsibility for self-development.
• MS Excel and MS Power BI proficiency preferable.
• Relevant certifications (e.g., CISSP, CISM, CompTIA Sec+) are a plus.

About Royal London

We are the UK’s largest mutual life, pensions, and investment company, offering protection, long-term savings and asset management products and services.

Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values of: - Empowered, Trustworthy, Collaborate, Achieve. 

We have always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance. You can see all our benefits here - Our Benefits