Third Party Resilience and Security Manager
  • United Kingdom London
  • Lloyds Banking Group
1 year before
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

Salary & Benefits: £61,911 - £103,389 base salary (depending on location and experience), annual discretionary personal bonus, 15% employer pension contribution (maximum amount when you put in 6%), 4% flexible cash pot (option to use across range of benefits), private medical insurance, 30 days holiday plus bank holidays.



We're the UK's largest Digital, Retail and Commercial Bank with a focus on Helping Britain Prosper. We're innovating products that help transform customer journeys - making millions of people's lives simpler and better, all over the country, every single day.


There's never been a better time to be part of change - help us reinvent the boundaries of banking, and we'll invest in your continued development, so you can craft your future career. We're committed to employing a diverse and inclusive workforce, reflective of the customers and communities we serve - where all our colleagues can be themselves and succeed on merit.


A little about our Cyber Security team here at Lloyds:


Cyber Security sits at the heart of our business providing the Group with a secure operating environment, safe from malicious attacks or the abuse of privileged access and promoting the secure use of IT across the Group.

It is a dynamic and constantly evolving world where your knowledge and efforts can deliver tangible results to the safety of a huge company and over 30m customers.


Who are we and what we do?


The 3rd Party Resilience & Security team are a key part of CSO, ensuring our suppliers are operating to a minimum of our resilience & security standards, and are continuing to grow. No day is ever the same. We provide wide-ranging advice on ways to improve how we and our suppliers keep the bank safe. We work closely together looking at different areas of the Bank and suppliers to help drive down the supply chain risk.



Being a diverse group of people, from many different backgrounds, we celebrate our differences. We also share a common vision to offer new insight, support, and challenge to senior management.


It's no surprise then that we're looking for people who are up for challenge, have a drive for improving the business and themselves, love learning and are flexible. Your experience will be invaluable to us, whether it is already in a resilience & security or supplier role! In return, you can expect to get great development opportunities, be empowered to try new ways of working in a diverse growing team, and an opportunity to work across the Bank.


So, what would you be doing?


You'll use intelligence to support how the team handles the risks from Third Parties, challenging and advising on decision making, and taking a forward view of how continual assurance can improve the efficiency of the team and Third Party risk management.

Is recognised by peers as a highly capable security & resilience subject matter authority and has strong practical experience of leading or providing oversight of supplier assurance.

Brings significant and in-depth knowledge of specific Cyber Security applications and/or processes (essential). Acts as a domain authority and is 'on point' to provide support and mentorship as required (such as in an incident scenario).

Identifies and evaluates sophisticated expertise-led solutions / supplier evidence against a range of criteria to find the ones that best meet business needs and supports the closure of remediation activity.

Provide guidance and interpretation of security findings from monitoring and assurance activities, working with relevant internal teams and suppliers as appropriate to ensure successful and timely completion of agreed actions.

To cultivate informal networks for collecting intelligence from peers in different organisations.


A little about you:

The ideal candidate will have resilience & security experience, preferably backed up by technical and stakeholder management skills. You'll be a good communicator, in both written and verbal forms, and able to engage with a diverse range of colleagues and external contacts. The ability to identify risks and how to handle them is a core part of this role, as is being able to work with suppliers to close out any remediation.


Essential:

Demonstrable capability and knowledge of Resilience and/or Cyber Security including recent experience of working in these areas.

A thorough understanding of control environments and risk management methodologies.

Strong interpersonal skills including a demonstrable ability to communicate in both written and verbal form.

Effective influencing and strong stakeholder management capabilities.


Desirable:

Experience of working with the Supply chain and/or Third Parties.

Relevant qualifications such as CISMP, CCSK, CISM or CISSP.


What will you get in return?


You'll get the stretch and opportunity to learn new technologies within a well-funded organisation and take your next step up the career ladder into bigger and more complex roles. You'll also enjoy a diverse, energising, and informal environment that focuses on teamwork and providing equal opportunity with working patterns beyond the standard 9-5.


We're committed to building a workforce which reflects the diversity of the customers and communities we serve. Join us and be part of an inclusive, values-based culture focused on making a difference.


If this opportunity sounds like a great match we'd love to hear from you! Together we make it possible.



We'll ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0066   Knowledge of Privacy Impact Assessments.
  • K0147   Knowledge of emerging security issues, risks, and vulnerabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
  • K0148   Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0165   Knowledge of risk/threat assessment.

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0086   Skill in evaluating the trustworthiness of the supplier and/or product.

Required Abilities
  • A0046  Ability to monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies.
  • A0083  Ability to evaluate information for reliability, validity, and relevance.
  • A0023  Ability to design valid and reliable assessments.
  • A0009  Ability to apply supply chain risk management standards.