Mar 19, 2026
Contractor
Vulnerability Management Oversight and Governance Analyst
Banking
Hybrid: 3 days onsite in London per week
6 months
£487 per day

In short: Following a recent audit, we require a Vulnerability Management Analyst to assess our current processes and strategy and re-align them, where necessary, to meet regulatory requirements.

Job purpose: Support the oversight, governance and enhancement of vulnerability management activities within The Bank. Lead smaller-scale projects independently, analysing and developing frameworks and procedures and ensuring alignment with regulatory requirements and industry best practice. Analyse vulnerability management reporting from third parties, identify areas of risk for escalation and ensure their posture remains within our risk appetite. Refine vulnerability management metrics and reporting so that resilience risks are reported effectively and understood. Engage with stakeholders on operational and tactical matters, supporting the VP in strategic initiatives and remediation oversight.

Background: Security and Operations exists to ensure that the Bank's security risks are managed and aligned with business objectives, enabling sustained growth and preventing harm, damage or loss to its people, information or assets. This AVP role within the Cyber Resilience Team offers an opportunity to drive the enhancement of oversight of vulnerability management activities and to contribute to the Bank's ongoing regulatory compliance under DORA and other regimes. The AVP will work closely with the Threat and Vulnerability Management Lead (VP), supporting strategic initiatives while leading operational delivery.

Responsibilities:
Oversight of services provided by third parties and of vulnerability management activities within the Bank.
Provide insights into vulnerability management performance, maintain records, track key metrics and escalate issues as needed.
Engage with stakeholders across London, the region and globally, contributing to governance forums and remediation efforts.
Review and enhance frameworks and procedures to strengthen our approach and ensure ongoing regulatory compliance.
No direct reports. No budget responsibility.

Accountabilities:
Lead oversight of vulnerability scanning and vulnerability management activity, ensuring regulatory compliance and resilience assurance.
Lead gap analysis and enhancement of vulnerability management frameworks and procedures to improve their effectiveness.
Drive engagement with key third-party service providers on vulnerability management, supporting effective reporting and SLA adherence.
Assist in designing and implementing policies, procedures and frameworks related to testing and vulnerability management.
Refine and report on key metrics and contribute to governance forums, ensuring visibility of risks and progress.
Analyse vulnerability management reporting from third parties, identify areas of risk for escalation and ensure their posture remains within our risk appetite.

Knowledge/Skills/Experience:
Solid understanding of frameworks and standards such as NIST, ISO 27001, OWASP and CVSS.
Formal security certifications desirable: CompTIA Security+; CISM, CISSP or CRISC beneficial.
Working knowledge of regulatory requirements including DORA, CBEST and the BoE Operational Resilience regime.
Degree in computer science or similar, or equivalent work experience.
Approximately 3 years' experience in a relevant cyber security field within a regulated environment, ideally Financial Services.
Strong stakeholder engagement and communication skills, with the ability to convey technical issues to non-technical audiences.
Analytical and problem-solving skills with attention to detail.
Experience in vulnerability management programmes and remediation delivery, including working knowledge of scanning tools.
Familiarity with risk management practices and basic coding/automation skills.
Candidates will ideally show evidence of the above in their CV in order to be considered. Please be advised that if you haven't heard from us within 48 hours, your application has unfortunately not been successful on this occasion; we may, however, keep your details on file for suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer. We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.