Head of Security Governance Risk & Controls at Nationwide Building Soc

Head of Security Governance Risk & Controls at Nationwide Building Society For this Senior Executive Role, reporting into the Director of Security, we want someone to grow, develop & lead the newly formed Security Governance, Risk & Controls capability within Security, resulting in a fully integrated function comprised of security professionals within the team working across the entire organisation. You'll be able to build the right relationships with the rest of the Nationwide Communities to make sure we're talking early and often about the big changes that need to be delivered securely for our members and colleagues. This Senior Executive role will shape the culture at Nationwide, educating colleagues about the importance of taking all elements of Security seriously. As a building society, we're run for and on behalf of our members. Not shareholders. This means that we reinvest our profits back into products and services to improve our members' lives. It also allows us to invest in the latest security technology whilst being at the cutting edge of API, Cloud, Agile and DevOps ecosystems., * leading the identification, prioritisation and development of improvement plans for security risks and controls across Nationwide. * horizon scanning to stay up to date with the very latest security initiatives. This is done through networking with peer organisations and with entities such as the National Cyber Security Centre to anticipate new threats and ensure our Risk and Control framework is developed and maintained appropriately. * identifying and agreeing society wide risk metrics and creating an appropriate controls framework to manage this. * ensuring all Communities are aware of and abide by their security responsibilities. Particularly with respect to measuring and maintaining controls operated or overseen within their Community to agreed standards. * acting as an empowered deputy to the Director of Security in providing trusted advice up to the Board and ExCo, on Security risk and controls and appropriate mitigation strategies. * relationships with internal & external stakeholders to monitor and measure security control performance across Nationwide operated and third party operated control. * working collaboratively with the Operations & Delivery Risk Director and their team, to understand and embed an approach to Security that is in line with the Operational and IT risk management framework, identifying and managing risk themes, emerging risks and outside of appetite risks. * building, lead and develop teams of subject matter experts to drive people capability and high levels of personal performance, as well as driving employee engagement culminating in positive Viewpoint scores. The suitable person will have or be able to demonstrate: * A background in Security within the Financial Services industry. Most likely a professionally qualified Information Security and risk management professional * A well-developed understanding of security risk and controls associated with large and complex IT; Cyber and Physical Security operations * Significant business experience at a senior management level * Outstanding leadership qualities, to inspire your teams and with the ability to seek out new opportunities, build a strategic "vision" and influence to enable organisational buy-in and implementation * Strong analytical and communication skills with the ability to advise, prioritise and measure success combined with the aptitude to choose correctly from alternative solutions in new and varying circumstances * Excellent Relationship management and Stakeholder management skills (up to board level) * Being engaged with external information sources and being well networked with the industry to ensure our risk and control assessment remains current and any change in risk or threat level is understood. What you'll be doing Working alongside the Director of Security, you and your team will be a key change agent in a fundamental mindset shift in the organisation. You will take ownership of our security risk and controls measurement, monitoring and defined target state and ensure they are embedded through the organisation. This is highly likely to be a multi-year journey, but requiring progress at pace. Timeframes will range from immediate and critical responses, but more typically the timeframe will be 3 to 6 months, against a 3 year strategy. * Competitive package * Full time, permanent contract * Send in your application by 23 rd of April 2018 Nationwide's reputation depends on the trust of our members. The ever-increasing volume of customer data brings with it exposure to a growing number of issues and challenges across the organisation. Particularly significant is the risk and the associated threats of a cyber-attack.