Address
Form of work
SalaryNationwide is the world’s largest building society and it’s an exciting time to join us, as we evolve to a new future that sees us accelerate delivery of value to our 16.3 million Members and engage our 18,000 colleagues around new ways of working.
We are looking for a (Senior) Security Consultant (dependant on skills and experience) to work in our Security Consultancy team. This role sits within our Security & Resilience function where our stated mission is ensure that, ‘with our colleagues, we make sure services, money and data are available and secure at all times’.
At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.
For this job you'll spend at least two days per week, or if part time you'll spend 40% of your working time, at one of our offices. If your application is successful, your hiring manager will provide further details on how this works. You can also find out more about our approach to hybrid working here.
If we receive a high volume of relevant applications, we may close the advert earlier than the advertised date, so please apply as soon as you can.
What you’ll be doing
As a Security Consultant you will be accountable for ensuring that services and change initiatives in the business areas you are aligned to are delivered in a secure and compliant manner. You’ll be working in a matrix manner with our business, change and delivery teams, supporting everything from small technology changes to major transformation programmes, driving implementation of our Security and Resilience strategies and policies in a positive and pragmatic manner which enables our colleagues to deliver their business objectives. To do this, you will be:
- Conducting security risk assessments and providing recommendations on appropriate controls to ensure services and systems operate within risk appetite;
- Assessing the impact of change initiatives and issuing appropriate security requirements to ensure compliance with security policy and standards;
- Advising on the implementation of security control requirements, ensuring the design and approach of these both achieve the desired security outcome and are operationally viable;
- Supporting change initiatives in navigating and utilising our central security services, including security monitoring, penetration testing and access management;
- Assuring that security control requirements are met, in conjunction with our Application Security Testing team, through the project lifecycle;
- Acting as the initial point of contact for all security and resilience related questions, queries, challenges and escalations for your aligned areas;
You will need to build strong relationships with colleagues across multiple areas, working collaboratively and proactively, to ensure Security & Resilience is effectively embedded in all projects and programmes.
About you
As a Security Consultant you will be a subject matter expert for IT Security and Information Security, with developed people skills. As a minimum you’ll:
- Have experience in Security Consultancy role, or a related discipline e.g. Security Governance Risk and Control or Operations;
- Have a relevant professional qualification (or be working towards certification), such as Security+ / Network+ / CISM / CISSP.
- Have a developed understanding of risk and control methodologies and experience of practical risk assessment (ideally but not essentially in a security environment);
- Have knowledge and understanding of relevant industry standards, frameworks and best practice, e.g. ISO / NIST / COBIT / COSO;
- Be a resilient and highly motivated self-starter, with demonstratable robust judgement, decision making and creative problem-solving ability;
- Be able to understand and assess the security elements of technical designs / solutions and have a proven ability to constructively challenge to deliver better business and security outcomes;
- Have the ability to communicate complex risks / issues to technical and non-technical stakeholders to influence critical business decisions.
It would be nice if you also had:
- Previous experience in working in UK Financial Services or similar highly regulated industry;
- Knowledge / experience of PCI-DSS, including PCI-P qualification;
- Knowledge / experience of Data privacy and GDPR;
- Knowledge / experience of Operational Resilience and Business Continuity, including new regulatory requirements;
- Knowledge / experience of cloud security (AWS/Azure), e.g. web components integration, containerisation (such Docker, Kubernetes, OpenShift) and APIs;
- Knowledge / experience of threat modelling and threat assessment;
- Experience working in an Agile or DevSecOps methodology/tools e.g GIT, Maven/Gradle, Jenkins, Nexus, Terraform, Ansible.
Our Customer First behaviours are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviours that resonate with you, and how you might have already demonstrated these.
- Say it straight - This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
- Push for better - This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
- Get it done - This is about prioritising what will have the greatest impact, being decisive and taking accountability for delivering on the end-to-end outcome.
We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.
The extras you’ll get
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Gympass – Access to a range of free and paid options for health and wellness.
- Access to an annual performance related bonus
- Access to training to help you develop and progress your career
- 25 days holiday pro rata
What makes us different
Nationwide is the world’s largest building society. With over 15 million customers, we have a relationship with almost a quarter of the UK’s population. We’ve got the scale to compete with the big banks, but we’re not a bank.
As a building society, we’re owned by our members – that’s our customers who have their current account, mortgage or savings with us. It means we can do things differently to deliver our Purpose – Banking – but fairer, more rewarding, and for the good of society.
When you work at Nationwide, you can experience that difference for yourself. You’ll be part of a high-performing, purpose-driven organisation that offers rewarding career experiences and a highly competitive range of benefits to match. You’ll also be joining us at an important time as we seek to reach more and more people in the UK. We want everyone in the UK to know that they don’t have to bank with a bank. They can choose a modern mutual instead.
What to do next
If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up-to-date CV and answer a few quick questions for us.
We respond to everyone, so we will be in contact shortly after the closing date to let you know the outcome of your application.
#LI-Post
