Senior Risk Analyst

Location: UK-ENG-London
Salary: Competitive
Posted: 18 Oct 2019
Closes: 18 Oct 2019
Ref: 002722
Clearance Level: None / Undisclosed
Sector: Banking
Job Type: Permanent

The world of payments is changing rapidly. New innovative technologies are being developed to meet the changing needs but these can give rise to new threats to users of the payments system, and to the stability of that system as a whole. This means that we need ever stronger protections and more resilient infrastructure.

The Real-Time Gross Settlement System (RTGS) lies at the heart of UK payments. In total, RTGS settles around £600bn of payments each day, which is close to the UK's annual GDP every 3 days. The RTGS infrastructure is over 20 years old and, despite its excellent operational record, it needs to be modernised and developed to meet today's needs, balancing the safeguarding of stability with enabling innovation.

The RTGS Renewal Programme has been established to develop the next generation of the Bank of England's Real-Time Gross Settlement (RTGS) system. The way payments are made has changed dramatically in recent years, reflecting changes in the needs of households and companies, changes in technology, and an evolving regulatory landscape. The range of payment providers is growing rapidly. Given the implications of these changes for the Bank's mission and for users, businesses and regulators, it is important that the Bank consider how RTGS will need to evolve to meet and shape payments trends in the coming decades.

Role Description


An opportunity has arisen for a highly motivated security professional to join the RTGS Renewal Programme's Security team as our Senior Risk Analyst. The role will span security risks across three main domains:

  • Third Party/Supply Chain: building security into procurement and supply chain decisions made by the Renewal Programme. Specifically, developing a security risk management approach to manage security risks with the selected Technology Delivery Partner (TDP).
  • Programme Security: embed Security into business-as-usual (BaU) operations as the Renewal programme grows. Conduct risk assessments utilising industry leading guidance and develop enhanced security controls with a particular focus on personnel security.
  • Security by Design: conduct security assessments of key RTGS Renewal design decisions and identify/develop processes for conducting security assessments of design artefacts where required.
The role will report directly into the Security Manager for the RTGS Renewal and work closely with the Bank's wider security teams. In addition to security risk management, the candidate will also be responsible for various aspects of security governance, education and intelligence, drawing upon the wider resources of the Bank and influencing cyber policy to meet the needs of the Programme. As a risk custodian for all aspects of cyber, personnel security and privacy, it will be their role to drive a strong security awareness culture across the Programme and wider within BPI.

The role will involve close liaison with Market Services Division and their work delivering end-to-end, systemic cyber risk management for RTGS and the CHAPS scheme. The post holder will be expected to contribute to our understanding of the risks to the cyber resilience of the core payment systems provided by MSD and, together with the Programme Security Lead, act as a bridge to ensure that systemic security risks are well considered in the Programme's approach to security. A good understanding of risk management is essential, as are excellent communication skills. Internal engagement within the Bank will be required at multiple levels across the programme and operations, including reporting to senior stakeholders at Board level.

Scope of the role:

  • Current programme operations: Management of the security risks posed to the Bank's delivery of the RTGS Renewal Programme.
  • Third party risks: Management of the security risks that exist in the Bank's partnership with the Technology Delivery Partner. This includes compliance with Bank security requirements and identification/management of security risks.
  • System design: Management and execution of bespoke security risk assessments especially during solution build.
  • Secure Development Practices: ensure security best practice is embedded into the delivery framework (including Software Development Lifecycle) for the Programme.
  • Service Delivery: Deliver projects to support the secure day-to-day delivery of payment and settlement services by the Bank, especially CHAPS.
  • SME knowledge: Providing subject matter expertise in helping to shape the future state of the control environment for a renewed and resilient RTGS in conjunction with other SMEs across the division.

Role Requirements

Essential Criteria

  • A credible security risk specialist with a track record of security risk and policy, strategy, governance and broader risk management knowledge.
  • Experience of working with risk management frameworks, and an understanding of risk tolerance, KRIs and the effective reporting and communication of business risks to senior stakeholders.
  • Experience of capturing and interpreting security risks across domains (Cyber, Personnel, Physical) and reliably communicating to business stakeholders.
  • A clear understanding of payment systems and systemic risk management, considering both direct and indirect risk (i.e. those internal to the Bank, and external risks owned by third parties).
  • Ability to provide robust challenge to key security risks, seeking appropriate mitigation actions to be put in place.
  • Strong leadership skills with the ability to lead the delivery of a security risk framework for the team including guiding them through a changing environment.
  • Strong communication skills (written, verbal and presentational) and the ability to tailor to different audiences.
  • Strong organisation skills and attention to detail, with the ability to deal with conflicting deadlines and priorities, escalating to others where appropriate.
  • Evidence of ability to use judgement and provide sound justification for decisions.

Desirable Criteria

  • Line management experience of staff with a range of levels of experience.
  • Good process management skills to design, set up and run processes that are sound and transparent.
  • Strong internal stakeholder management skills to enable effective interaction with senior management within the Directorate and across the wider Bank.
  • Experience of intelligence analysis and production.
  • A supportive team player who is able to work autonomously, challenge constructively and handle a diverse portfolio of activities.
  • Demonstrable experience of a commitment to promoting diversity & inclusion initiatives.
  • Previous experience of Developed Vetting (DV) Security Clearance or willingness to obtain.

We encourage applications even if all the criteria are not met. If you think you can only do some of the role, we still want you to apply.

This role offers a base salary of up to £57,330 (subject to experience and skillset). The total package also includes:
  • A non-contributory, career average pension giving you a guaranteed retirement benefit of 1/95th of your annual salary for every year worked.
  • A discretionary performance award.
  • A 7% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
  • 25 days annual leave with option to buy up to 13 additional days through flexible benefits.
  • Private medical insurance and income protection insurance.

We anonymise applications so hiring managers will not be able to see your personal information such as name and address when reviewing your submission, including your CV. Please fully complete the application form questions as requested because incomplete submissions may not be reviewed.

We continue to build an inclusive culture where everyone can be their whole selves and produce their best work. Our focus on inclusion is intended to build greater diversity in order to reflect the society we serve and be an employer of choice.

The closing date for applications is 10 November 2019.

Please apply online, ensuring that you answer the application questions and submit your CV.
