In this role, you will support the development and execution of risk assessments, internal controls, and security initiatives across the organisation. You’ll work closely with internal stakeholders and external partners to ensure our technology environment remains secure, compliant, and resilient.
This position involves conducting reviews of varied scope and complexity, recommending process improvements, and leading security and infrastructure projects. You’ll also play a key role in shaping our information security framework and ensuring adherence to IT security standards.
Key Responsibilities
Policies and Standards
Represent the business unit in the development of policies and standards. Develop and maintain policies and procedures aligned with the Information Security Framework.
Governance and Controls
Support ongoing risk and control consulting activities in line with internal standards and regulatory requirements. Collaborate with stakeholders to evaluate control environments and recommend improvements. Coordinate assessments, control testing, and remediation efforts with internal teams and third parties.
Exception Management
Build and manage security exceptions to support business and technology needs. Track and report on exception statuses to ensure visibility and accountability.
Supplier Risk Assessments
Evaluate supplier security through SOC reports, SSAE documentation, and site reviews. Maintain vendor risk records and support continuous improvement of assessment processes. Coordinate vendor risk assessments in collaboration with relevant teams.
Security and Infrastructure Project Consulting
Define project scope, goals, deliverables, and timelines. Provide security consulting throughout the project lifecycle. Monitor project progress and report to stakeholders. Develop and maintain the Secure Design Consulting framework and apply it to qualifying projects.
What We’re Looking For
Technical Skills & Experience
Bachelor’s degree in Computer Science, MIS, or a related field. Experience in information security, risk management, or audit (or equivalent education/training). Strong understanding of security frameworks and regulations (e.g., ISO, NIST, COBIT). Familiarity with the financial services industry is desirable. Relevant certifications such as CISSP, CISM, CISA, CRISC, CTPRP, CEH, or PMP. Experience with project management methodologies (PRINCE2 preferred).
Personal Attributes
Excellent communication and interpersonal skills. Strong organisational and analytical abilities. Self-starter with a collaborative mindset. Professional, customer-focused, and eager to learn. Willingness to travel as required.