Senior Analyst, Cyber Risk In Cyber Resilience

London, United Kingdom

Job Description



Senior Analyst, Cyber Risk in Cyber Resilience - (010029)
Primary Location: UK-ENG-London
Job: Risk
Organisation: 652000 - SRD
Job Posting: 01-Dec-2023, 3:52:04 AM



The Bank of England is the UK's central bank. Our mission is to deliver monetary and financial stability for the British people.

The Bank of England is a diverse organisation. Each of its 4,000 people is committed to public service and dedicated to promoting the good of the people of the United Kingdom by maintaining monetary and financial stability.

On 1 April 2013 the Prudential Regulation Authority (PRA) became responsible for the prudential regulation and supervision of banks, building societies, credit unions, insurers and major investment firms. The PRA was created by the Financial Services Act (2012) and is part of the Bank of England.

As a directorate of the PRA, the Supervisory Risk Specialists (SRS) provides deep technical expertise and applies judgement in specific risk disciplines in order to identify, analyse and mitigate material risks to the safety and soundness of PRA-regulated firms. SRS also supports the wider Bank by providing risk specialist expertise to a range of functions including policy development and implementation, the Bank's concurrent stress tests and the supervision of central counterparties.


SRS comprises five divisions:

  • Credit, Risk, Analytics, Liquidity and Capital (CRACL)
  • Investment Banking and Sector Risks (IBSR)
  • Model Development and Review (MDRD)
  • Operational Risk & Resilience (ORRD)
  • Sector Resilience Division (SRD)

Department Overview
The SRD sits within SRS and leads the work on the resilience of the sector to a range of non-financial risks, including cyber resilience. The purpose of this work is to ensure that critical economic functions are delivered to the levels that the Bank expects. This is exciting work in an area with significant focus globally among central banks, regulators and government agencies. As a priority, we resolve the importance of firms and their exposure to threats, assess cyber resilience, develop assurance tools, and improve the UK's resilience by working with national and international partners.


An opportunity has arisen for a Senior Cyber Analyst to join the Cyber Resilience Team (CRT) in SRD. You will deliver cyber risk and cyber resilience reviews, using the supervisory cyber approach to deliver the supervisory agenda in the context of Operational Risk and Operational Resilience. The role is well suited to someone with a solid understanding of cyber risk management and information security and an understanding of the PRA's approach to Operational Risk and Operational Resilience.

You will play a key role in delivering cyber reviews and supporting the design and maintenance of our supervisory cyber assessment toolkit. This also includes engagement with a diverse set of stakeholders, the industry, and other UK and international authorities and regulators. This includes:
  • Provide a subject matter expert view on what good cyber risk and resilience looks like, referencing regulations, good practice, international guidelines and standards;
  • Lead, with the support of seniors, the implementation of supervisory cyber assessments (including CBEST and CQUEST);
  • Present on the progress of cyber assessments, findings and monitor remediation activities;
  • Support the development of the PRA's cyber strategy and contribute to its development in line with the PRA statutory objectives.
  • Support data and analytics efforts to implement a data-driven approach to cyber risk and resilience assessments, including identifying, analysing, and reporting gaps and vulnerabilities to inform business risk assessment. Thematic analysis to drive sector-wide assessments and understand implications for Operational Resilience.
  • Support engagement with UK financial sector authorities, intelligence agencies, international regulators, the industry and service providers to discuss technical cyber matters and where our regulated firms are jointly supervised.



Role Requirements


Minimum Criteria
  • Experience of delivering cyber resilience reviews and assessments, including:
    • cyber risk management, governance, and strategy;
    • cyber metrics, measures and reporting;
    • cyber incident management, response and recovery.
  • Experience in scenario-based testing in the context of intelligence-led penetration testing, threat modelling or simulation exercises.
  • Knowledge of relevant cyber security standards, best practice, and guidelines (e.g. ISO27001, NIST CSF, UK NCSC CAF, CPMI-IOSCO).
  • Experience working as part of complex projects or working across teams/areas to achieve positive outcomes.
  • Project management skills, both project planning and risk management, with the capability to keep control of complex projects.
  • Excellent analytical and problem-solving skills able to turn analysis into relevant output for the Bank.

Essential Criteria
  • Excellent communication skills, both oral and written with the ability to draft briefings for senior partners.
  • Be a highly motivated and independent thinker, capable of challenging confidently in new environments.
  • Ability to represent the Bank and PRA credibly and professionally in both internal and external meetings in alignment with team seniors;
  • Ability to work proactively and flexibly as part of a team and with wider colleagues;
  • Be a highly motivated and curious individual, capable of challenging confidently in new environments; and
  • A proven dedication to diversity and inclusion.

Desirable Criteria
  • Experience in financial services regulation or within an outsourced provider to the finance sector;
  • Sound understanding of banking operations and enterprise risk and control frameworks;
  • Knowledge of the evolving cyber security regulatory landscape and the current challenges facing UK financial sector firms and authorities; and
  • Experience with financial market infrastructure.
  • Relevant professional qualifications and certifications (e.g. CISA, CISM, CRISC, CISSP, CSX, Lead auditor ISO 27001, Lead auditor ISO 22301)



Our Approach to Inclusion
The Bank values diversity and inclusion – we want to reflect the society we serve better, we want the best people to work for us and we want our workplace to be inclusive. We value all forms of diversity, including but not limited to age, disability, ethnicity, gender, gender identity, race, religion and sexual orientation. One way we support diversity and inclusion is through our staff-run networks.

We are fully committed to having a diverse and inclusive working environment, and are open to considering how the role might be carried out with flexible working. This role is therefore open to job shares, flexible and part time working patterns. Where a role can be carried out from home, we are working towards colleagues spending at least half of their time in the office, so that we can all benefit from working together in person, while maintaining the flexibility offered by home working. From 6 June 2022, we expect colleagues to spend a minimum of 40% of their working time in the office per month. Subject to that minimum requirement, individuals and managers should work together to find what works best for them and their team.

We are also committed to making adjustments for candidates and employees where possible, and have partnered with external expert organisations to support us in this. We are a member of the Disability Confident Scheme, and people who wish to apply under this scheme should check the box in the 'Candidate Personal Information' under the 'Disability Confident Scheme' section of the application.

Salary and Benefits Information
This specific role offers a base salary of circa £50,630 - £64,170 per annum (depending on skills and experience) on a full-time basis. We encourage flexible working, part time working and job share arrangements. Part time salary and benefits will be on a pro-rated basis as appropriate.

In addition, we also offer a comprehensive benefits package as detailed below:
  • A non-contributory, career average pension giving you a guaranteed retirement benefit of 1/95th of your annual salary for every year worked. There is the option to increase your pension (to 1/50th) or decrease (to 1/120th) in exchange for salary through our flexible benefits programme each year.
  • A discretionary performance award based on a current award pool.
  • An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
  • 26 days' annual leave with option to buy up to 12 additional days through flexible benefits.
  • Private medical insurance and income protection.

National Security Vetting Process
Employment in this role will be subject to the National Security Vetting clearance process (which typically can take between 6 to 12 weeks post offer) and the passing of additional Bank security checks in accordance with the Bank policy. Further information regarding the vetting and security clearance requirements for the role will be provided to the successful applicant, and information about how the Bank processes personal data for these purposes is set out in the Bank's Privacy Notice at Privacy and the Bank of England | Bank of England.

The Application Process
Important: Please ensure that you complete the 'work history' section and answer ALL the application questions fully. All candidate applications are anonymised to ensure that our hiring managers will not be able to see your personal information, including your CV, when reviewing your application details at the screening stage. It's therefore really important that you fill out the work history and application form questions, as your answers will form a critical part of the initial selection process.

The closing date for applications is Tuesday the 2nd January 2024. Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail, as your application will not be considered if all mandatory questions are not fully completed. The assessment process will comprise two stages. We anticipate first round interviews being scheduled for early January and successful candidates progressing to a second, final stage in mid/late January.

Job Detail

  • Job Id
    JD3018768
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    London, United Kingdom
  • Education
    Not mentioned