Multiple Cyber Risk Specialists roles – Supervisory Risk Specialists (SRS)

– (006383)

The Bank of England is the UK’s central bank. Our mission is to deliver monetary and financial stability for the British people. The Bank of England is a diverse organisation. Each of its 4,000 plus people are committed to public service and dedicated to promoting the good of the people of the United Kingdom by maintaining monetary and financial stability.

As a directorate of the PRA, Supervisory Risk Specialists (SRS) provides technical expertise and applies expert judgement across risk disciplines as part of the PRA’s integrated supervisory approach, in order to identify, analyse and mitigate material risks to the safety and soundness of PRA regulated firms.

SRS comprises four main divisions:

• Credit, Risk Analytics, Liquidity and Capital (CRACL)
• Investment Banking and sector risks (IBSR)
• Model Development and Review (MDR)
• Operational Risk & Resilience (ORRD)

Department Overview

The Operational Risk & Resilience Division (ORRD) sits within Specialist Risk Supervision (SRS) and leads the work on the resilience of the sector to a range of non-financial risks (e.g. cyber, technology failure). The purpose of this work is to ensure that critical economic functions are delivered to the levels that the Bank expects. This is exciting work in an area with significant focus globally among central banks, regulators and government agencies.
As a priority, we resolve the importance of firms and their exposure to threats, defining what good operational resilience looks like, developing assurance tools, and improving the UK’s resilience through working with national and international partners.

Job description

An opportunity has arisen for analyst with a cyber-focus to join the ORRD. This is an outstanding chance to take a specialist role in a unique team.

The post holder will provide a balance between technical and non-technical cyber resilience expertise. They will play a key role in leading supervisory cyber engagements including CBEST assessments, detailed cyber resilience reviews, and cyber thematic work. The risk specialist will also provide expertise to support the design of the wider cyber strategy and contribute to the engagement across the sector and with financial authorities and government institutions domestically and internationally, as required.

Key responsibilities include:

• Lead the implementation of cyber reviews and assessments (including CBEST and CQUEST).
• Provide supervisors with technical expertise and specialist judgment on financial institutions’ cyber resilience.
• Perform thematic analysis of CBEST results and present key themes and conclusions.
• Stay informed on the evolving regulatory landscape and emerging operational resilience challenges facing UK financial sector, with a focus on cyber resilience.
• Interface between cyber development and cyber assessment teams to support the development of cyber tools and practices to maintain their effectiveness and relevance as part of the supervisory strategy.
• Present on the progress and efficiency of cyber resilience assessments, as required.
• Maintain effective working relationships with the FCA, NCSC, CPNI and other organisations as relevant.
• Draft papers for relevant governance groups on key cyber risk and resilience trends and changes.
• Support cyber related activities within the Bank/PRA including consultation on cyber stress testing, work with industry groups (SIMEX, CMORG, etc.), briefings on cyber matters to senior management, etc.

Role Requirements

Minimum Criteria

• Experience of delivering cyber resilience reviews and assessments.
• Experience in scenario-based testing in the context of intelligence-led penetration testing, threat modelling or simulation exercises.
• Understanding and knowledge of relevant cyber security standards, best practice, and guidelines (e.g. ISO27001, ISO22301, NIST).
• Experience working as part of a project or working across teams/areas to achieve positive outcomes.
• Experience working with cyber and technology leaders (CISO, CIO, CTO, CRO, etc.) to assess cyber resilience of organisations.

Essential Criteria

• Excellent analytical and problem solving skills able to turn analysis into relevant output for the Bank.
• Excellent communication skills, both oral and written with the ability to draft briefings for senior partners.
• Be a highly motivated and independent thinker, capable to challenge confidently in new environments.
• Excellent project management skills, both project planning and risk management with capable to keep control of complex projects.

Desirable Criteria

• Understanding and knowledge of cyber-related regulation (e.g. PRA rulebook, EBA guidelines, NIS directive, CPMI-IOSCO, etc.)
• Experience in delivering IT security reviews and assessments (e.g. cyber control assessments, cyber hygiene reviews, cyber security compliance audits, etc.).
• Relevant professional qualifications and certifications (e.g. CISA, CISM, CRISC, CISSP, CSX, Lead auditor ISO 27001, Lead auditor ISO 22301)

The Bank values diversity and inclusion – we want to reflect the society we serve better, we want the best people to work for us and we want our workplace to be inclusive. We value all forms of diversity, including but not limited to age, disability, ethnicity, gender, gender identity, race, religion and sexual orientation. One way we support diversity and inclusion is through our staff-run networks, which are summarised here.

We are fully committed to having a diverse and inclusive working environment, and are open to considering how the role might be carried out with flexible working. This role is therefore open to flexible working patterns.

We are also committed to making workplace adjustments for all of our employees as needed, and also for candidates throughout all stages of the selection process. We are a member of the Disability Confident scheme, summarised here, and people who wish to apply under this scheme should check the box in the ‘Candidate Personal Information’ under the ‘Disability Confident Scheme’ section of the application.

We anonymise applications so hiring managers will not be able to see your personal information when reviewing your submission, including your CV. Please fully complete the application form questions as requested, as any incomplete submissions may not be reviewed.

The closing date for applications is 21 March 2022.

Reward Package

The Bank of England is a distinctive institution and our rewards are one of the things that set us apart. As well as enjoying a competitive salary you will work in a collaborative, inclusive environment, with a subsidised restaurant, flexible working opportunities and plenty of wellbeing initiatives.

The salary range for this vacancy is approximately £45,900 to £66,000, dependent on relevant skills and experience. In addition, the total reward package also includes:

• A non-contributory, career average pension giving you a guaranteed retirement benefit of 1/95th of your annual salary for every year worked. There is the option to increase your pension (to 1/50th) or decrease (to 1/120th) in exchange for salary through our flexible benefits programme each year.
• A discretionary performance award based on a current award pool.
• A 7% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
• 25 days annual leave with option to buy up to 13 additional days through flexible benefits.
• Private medical insurance and income protection.

Please apply online, ensuring that you answer the application questions, complete the work history and submit your CV.