Chief Information Security Officer

At OakNorth, our mission is to empower the UK's most ambitious businesses. Since launching in 2015, we've lent over $21bn across the UK and US, supported the creation of more than 58,000 new homes and 36,000 jobs, and helped hundreds of thousands of personal savers - all while operating within one of the most highly regulated environments in financial services.

As Chief Information Security Officer (CISO), the role holder is responsible for leading the Bank's cybersecurity function and overseeing technology risk across the UK, US, and India. This includes defining and executing a comprehensive security strategy and programme to ensure the confidentiality, integrity, and availability of the Bank's systems, data, and services.

Principal responsibilities:

• Manage Cybersecurity for the OakNorth Bank by establishing and implementing strategy and program to ensure that information assets and technologies are adequately protected.
• As CISO across our global footprint (UK, US, India) you will be tasked with building and maintain best-in-class:
• Security Strategy aligned with global cybersecurity frameworks with strong execution and program management approach.
• Build and maintain effective security controls to protect the bank from the emerging threats posed by new technologies such as AI.
• Integrated security engineering and architecture program that works collaboratively with the IT, DevOps, Engineering and Product teams to ensure that security is embedded in the design.
• Security operations: Real-time analysis of immediate threats and triage when something goes wrong.
• Handle security incidents as and when they arise, ensuring the response is robust and thorough and underlying issues are addressed so that the security posture of the group becomes increasingly resilient over time.
• Cyber risk and cyber intelligence: Keeping abreast of developing security threats and helping the board understand potential security problems that might arise from acquisitions or other big business moves
• Data centric security: Design and Implement data-centric security with a focus on protecting sensitive data.
• Application Security and Vulnerability Management program: Design and implement an application security program integrated with the application development lifecycle to detect and remediate any application vulnerabilities earlier in the life cycle. Implement a robust vulnerability management program to ensure that vulnerabilities are managed.
• Cloud Security: Design and implement a cloud security architecture to meet the security requirements for IaaS, SaaS and PaaS ecosystems.
• Security engineering: Planning, buying, and rolling out security hardware and software, and making sure IT and network infrastructure is designed with best security practices in mind
• Oversee the key technology and data risk across the bank to ensure that the key risks and controls are effective.

What we are looking for:

• Hands on experience in building security strategy and strong execution through security engineering and architecture for a cloud-native organisation.
• Experience leading teams across geographies.
• Very good understanding of cloud and other technologies from the network up
• Very good understanding of the latest AI tools, there threats and opportunities
• Experience in managing security operations and application security programs
• Ability to lead second line technology risk functions overseeing the groups technology and data risks.
• Build and lead an excellent security team
• Work on an ongoing basis with senior management and other stakeholders in particular the CTO and CRO, keeping them fully informed and giving them all the information, they need to make good judgements about security-related matters
• Present on cyber security to the board and be able to provide confidence to the CRO that risks are being treated with a correct level of diligence

Benefits & Perks:

• Equity. We want people to have a stake in the business so that all our interests are aligned.
• 25 days holiday
• Personalized benefits - opt-in to what matters to you
• Subsidised Private Medical Insurance with Bupa
• Enhanced maternity and paternity leave
• Wellbeing and social events
• In-house Barista Bar in London office
• Support causes that matter to you - Volunteering time off
• Salary sacrifice schemes (Cycle to work, nursery, gym, electric car scheme)

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.