Description

Hello, we're Starling. Banking was broken - so we decided to fix it. The vision? Fast technology, fair service and honest values. All at the tap of a phone, all the time.

We built Britain's first digital bank. One hard-won banking licence later, we set about giving people a new way to spend, save and manage their money (and take better care of the planet, too). We're changing banking for good. Back then, we were obsessed with unravelling the knotty world of finance and solving people's problems rather than selling them stuff. We still are.

Since then, we've grown. A lot. Over four million accounts (and four account types!). A team of thousands. Headquartered in London with offices in Cardiff, Dublin, Manchester and Southampton. Five years voted Which? Recommended Provider and Britain's Best Banking Brand. Still zero branches.

Our culture is open, inclusive and focused on solving real customer problems, with an emphasis on doing the right thing, even when it's not always the easy thing. From our approach to working together and sustainability to how we build our products, our decisions need to make the world - and Starling - a better place to be. Everyone at Starling is essential to our mission, which is really quite simple: to solve our customer's problems - and build the best bank in the world!

And now we're providing Starling to other banks, via a Software-as-a-Service (SaaS) proposition through our subsidiary Engine, using the proprietary technology platform that it uses to power our own bank.

The Role:

We are looking for a Risk and Controls Manager to join our People team on a fixed term contract for 12 months. This strategic role will support the Group Chief People Officer (GCPO) and wider People and Facilities Management teams by overseeing the governance and management of non-financial risks, including Health & Safety, for the Starling Group (Starling Group Holdings and its subsidiaries).

You will partner with Risk and Control Owners to serve as a trusted advisor and create a culture of effective and consistent controls assurance, risk management, oversight, and reporting. You will play a pivotal role in ensuring Starling operates within its risk appetite while driving risk awareness in the first line.

The Risk and Controls Manager will bring robust Risk Management experience within the banking sector (first or second line), ideally with experience managing 1LoD risk for a multinational organisation. You must have a proven record of risk governance and control oversight. Experience gained in People function is an advantage, as is the ability to manage Health & Safety risk frameworks. We are looking for someone with passion and enthusiasm who can build strong relationships to drive risk awareness.

Key Accountabilities & Responsibilities:

Risk Strategy & Governance

1LoD Oversight: Responsible for the ongoing monitoring and strategic oversight of the first line of defence (1LoD) People and Facilities risk and control profile, using insight and information from various sources.
Health & Safety Risk Management: Lead the identification, assessment, and mitigation of Health & Safety risks, ensuring compliance with relevant safety legislation and internal policies.
Advisory & Culture: Act as a key contributor to the ongoing development of a risk-aware culture within the 1LoD. Work with Risk and Control owners by providing advice, challenge, and input on key decisions, enabling them to clearly articulate and manage their risk profile.
Policy & Emerging Risk: Engage with 2LoD, 3LoD, and other key stakeholders on the development of policy, socialising it within the 1LoD, and overseeing embedding and adherence. Collaborate with the People and Facilities Management Leadership Team to scan for emerging risks.

Operational Risk Management

RCSA: Support the Risk Controls Self Assessment (RCSA) process.
Testing & Assurance: Oversee the creation and execution of 1LoD Control testing plans and challenge the risk and control environment to drive improvements.
Committee Management: Support the operation of risk governance fora (People Risk Management Forum/ Health and Safety Forum) and support the 1LoD risk reporting, providing senior management with oversight of key themes, risks, and issues.
Event Management: Oversee Operational Event management and reviews, ensuring robust root cause analysis, containment, lessons learned, and read-across are completed.
System Maintenance: Oversee the maintenance of Risk information in the GRC system (CAMMS).

Requirements

Experience & Knowledge

Multinational Experience: Ideally, you must have experience managing 1LoD risk for a multinational organisation, understanding the complexities of risk across different jurisdictions.
Health & Safety: Proven ability to support and manage Health & Safety Risk Management frameworks.
Risk Frameworks: A deep understanding of risk management frameworks, controls testing methodologies, and experience executing or overseeing controls testing to a high standard.
Regulatory Knowledge: Understanding of Conduct Risk, employment-related legislation, and the Consumer Duty would be an advantage.

Behaviours & Competencies

Stakeholder Management: A natural ability to build strong stakeholder relationships.
Analytical Mindset: An inquisitive and analytical mind to understand risks, controls, and processes, identifying control gaps and suggesting improvements.
Proactive: A proactive approach to managing workloads with a 'can do' attitude, using initiative to take ownership and see complex issues through to resolution.
Challenger: Ability to challenge the status quo, helping us shape operations to be best in class across financial services.

Skills

Proficient in Google Suite products (Docs and Sheets).
Exposure to working within First or Second line risk.

Applications for this role will close at 5pm on January 5th.

Benefits

25 days holiday (plus take your public holiday allowance whenever works best for you)
An extra day's holiday for your birthday
Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
16 hours paid volunteering time a year
Salary sacrifice, company enhanced pension scheme
Life insurance at 4x your salary
Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
Generous family-friendly policies
Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
Access to initiatives like Cycle to Work and Salary Sacrificed Gym partnerships

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway.

We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling Bank is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.
Jan 07, 2026
Contractor
First Line Risk & Control Manager
locations: London, United Kingdom
posted on: Posted Today
job requisition id: 9

We're the world's leading provider of secure financial messaging services, headquartered in Belgium. We are the way the world moves value - across borders, through cities and overseas. No other organisation can address the scale, precision, pace and trust that this demands, and we're proud to support the global economy.

We're unique too. We were established to find a better way for the global financial community to move value - a reliable, safe and secure approach that the community can trust, completely. We're always striving to be better and are constantly evolving in an ever-changing landscape, without undermining that trust. Five decades on, our vibrant community reflects the complexity and diversity of the financial ecosystem. We innovate diligently, test exhaustively, then implement fast. In a connected and exciting era, our mission has never been more relevant. Swift now has a presence in 200+ countries and legal territories to serve a community of more than 12,000 banks and financial institutions.

As the First Line Risk & Control Manager, you will lead a team of professionals dedicated to strengthening risk and control practices across the organisation. This role is responsible for overseeing first-line control testing, supporting audits, and ensuring adherence to internal control frameworks, technology risk management, and process governance. You will play a key role in maintaining compliance and driving operational excellence. In a dynamic environment shaped by evolving risks, regulatory expectations, and strategic priorities, this position offers an exciting opportunity to make a meaningful impact.

Key Responsibilities

As a leader you will:

Recruit, coach, and develop a high-performing team of risk and control professionals.
Set clear goals, provide feedback, and foster a culture of accountability and continuous improvement.
Translate organisational strategy into actionable plans for the team.
Build strong relationships with senior leaders and cross-functional teams.
Drive adoption of new processes, tools, and frameworks.
Monitor team performance against KPIs and deliverables.

In this role you and your team will:

Provide transparency and ensure accurate reporting of control testing and audit activities and results to Executive and Senior Leadership.
Build and foster meaningful and professional relationships with a wide range of internal stakeholders across all 3 lines.
Collaborate with 2nd line Risk Department and 3rd line Internal Audit on a frequent basis to stay aligned on first line testing, risk and audit activities and outcomes.
Perform first line control testing and assurance reviews to evaluate design and operating effectiveness of the controls.
Identify and report control gaps, risks, and compliance issues.
Ensure issues detected by first line are documented as Issues Known to Management.
Support remediation plans and continuous improvement initiatives.
Maintain documentation for audits and regulatory reporting.
Collaborate with business units to ensure adherence to internal control standards.
Drive improvements to increase control and control testing maturity.
Provide internal and external audit oversight, including coordination, monitoring, and guidance in preparing timely and quality responses to third line audit findings.
Provide training and guidance on control and auditing requirements.
Serve as primary liaison for internal and external audits.
Provide transparency and ensure accurate reporting of risks and risk-related activities to Executive and Senior Leadership.
Monitor and report on risk management activities and outcomes.
Assist 1st line in identifying, analyzing, evaluating and mitigating risks in alignment with Swift's Enterprise Risk Management Framework.
Leverage a technology-driven risk lens to assist with the preparation and review of Executive and Board material.
Manage and maintain the organisation's central process repository to ensure processes remain accurate and relevant.

What will make you successful

We are seeking professionals with:

Bachelor's degree.
8+ years of experience in control compliance, risk management, audit or similar roles, and at least 3 years in a leadership capacity.
Strong technical understanding of compliance frameworks, risks, policies and controls.
Proficiency in using governance, risk management and compliance tools and methodologies.
Self-starter with a structured, process-oriented mindset and the ability to work independently in a dynamic, international environment.
Excellent communication (written and oral), interpersonal and presentation skills.
Strategic thinker and problem-solver, including ability to analyse complex technical data and provide actionable insights and recommendations.
Excellent stakeholder engagement and influencing skills, with experience interacting at senior levels.
Collaborative mindset with a proactive and solution-oriented approach.
Proven ability to influence, drive change and deliver with an operational excellence mindset.
Resilience and adaptability in managing multiple priorities and delivering results in a fast-paced and evolving environment.
Relevant professional certifications (e.g., CISA, CRISC, CGRC, GRCP, ISO 31000)
Strong knowledge of industry standards and frameworks (e.g., ISO 27001, ITIL, NIST, CIS, COBIT) and technology risk principles.
Professional English language skills (written and verbal)

What we offer

We give you the freedom to be yourself. We are creating an environment of unique individuals - like you - with different perspectives on the financial industry and the world. A diverse and inclusive environment in which everyone's voice counts and where you can reach your full potential.

If you believe you require a reasonable accommodation to participate in the job application or interview process, please contact us to request accommodation.

Swift doesn't stand still. We are constantly evolving and tirelessly innovating. Working at the intersection of finance and technology is a very exciting place to be right now.

Swift is transforming cross-border payments, making them faster and more transparent than ever before. We are the way the world moves value - every instant of every day, in almost every country.

We are proud that what we do has a critical impact on the global financial community and touches almost every aspect of the financial world. So, what you do at Swift has real impact too - an impact that matters every day. Which is why you matter to us.

Joining Swift gives you unparalleled exposure to knowledge, expertise and technologies. If you have what it takes, you'll be able to take on different career paths and have the opportunity to work in teams, departments and disciplines in countries around the world.

Swift is unique. There is no other organisation like ours in the world driving the long-term future of the financial ecosystem. You'll be surrounded by bright, customer-focused and intellectually curious people in a collaborative, friendly, open and inclusive environment.

At Swift we are trusted every instant. Everything we do has an impact that matters. And as a member of our team, you are trusted to make your impact every day.
Jan 06, 2026
Full time
Hello, we're Starling. Banking was broken - so we decided to fix it. The vision? Fast technology, fair service and honest values. All at the tap of a phone, all the time. We built Britain's first digital bank. One hard-won banking licence later, we set about giving people a new way to spend, save and manage their money (and take better care of the planet, too). We're changing banking for good.

Back then, we were obsessed with unravelling the knotty world of finance and solving people's problems rather than selling them stuff. We still are. Since then, we've grown. A lot. Over four million accounts (and four account types!). A team of thousands. Headquartered in London with offices in Cardiff, Dublin, Manchester and Southampton. Five years voted Which? Recommended Provider and Britain's Best Banking Brand. Still zero branches.

Our culture is open, inclusive and focused on solving real customer problems, with an emphasis on doing the right thing, even when it's not always the easy thing. From our approach to working together and sustainability to how we build our products, our decisions need to make the world - and Starling - a better place to be. Everyone at Starling is essential to our mission, which is really quite simple: to solve our customers' problems - and build the best bank in the world!

And now we're providing Starling to other banks, via a Software-as-a-Service (SaaS) proposition through our subsidiary Engine, using the proprietary technology platform that it uses to power our own bank.

The Role:

We are looking for a Risk and Controls Manager to join our People team on a fixed term contract for 12 months. This strategic role will support the Group Chief People Officer (GCPO) and wider People and Facilities Management teams by overseeing the governance and management of non-financial risks, including Health & Safety, for the Starling Group (Starling Group Holdings and its subsidiaries).

You will partner with Risk and Control Owners to serve as a trusted advisor and create a culture of effective and consistent controls assurance, risk management, oversight, and reporting. You will play a pivotal role in ensuring Starling operates within its risk appetite while driving risk awareness in the first line.

The Risk and Controls Manager will bring robust Risk Management experience within the banking sector (first or second line), ideally with experience managing 1LoD risk for a multinational organisation. You must have a proven record of risk governance and control oversight. Experience gained in a People function is an advantage, as is the ability to manage Health & Safety risk frameworks. We are looking for someone with passion and enthusiasm who can build strong relationships to drive risk awareness.

Key Accountabilities & Responsibilities:

Risk Strategy & Governance

1LoD Oversight: Responsible for the ongoing monitoring and strategic oversight of the first line of defence (1LoD) People and Facilities risk and control profile, using insight and information from various sources.
Health & Safety Risk Management: Lead the identification, assessment, and mitigation of Health & Safety risks, ensuring compliance with relevant safety legislation and internal policies.
Advisory & Culture: Act as a key contributor to the ongoing development of a risk-aware culture within the 1LoD. Work with Risk and Control owners by providing advice, challenge, and input on key decisions, enabling them to clearly articulate and manage their risk profile.
Policy & Emerging Risk: Engage with 2LoD, 3LoD, and other key stakeholders on the development of policy, socialising it within the 1LoD, and overseeing embedding and adherence. Collaborate with the People and Facilities Management Leadership Team to scan for emerging risks.

Operational Risk Management

RCSA: Support the Risk Controls Self Assessment (RCSA) process.
Testing & Assurance: Oversee the creation and execution of 1LoD Control testing plans and challenge the risk and control environment to drive improvements.
Committee Management: Support the operation of risk governance fora (People Risk Management Forum / Health and Safety Forum) and support the 1LoD risk reporting, providing senior management with oversight of key themes, risks, and issues.
Event Management: Oversee Operational Event management and reviews, ensuring robust root cause analysis, containment, lessons learned, and read across are completed.
System Maintenance: Oversee the maintenance of Risk information in the GRC system (CAMMS).

Experience & Knowledge

Multinational Experience: Ideally, you must have experience managing 1LoD risk for a multinational organisation, understanding the complexities of risk across different jurisdictions.
Health & Safety: Proven ability to support and manage Health & Safety Risk Management frameworks.
Risk Frameworks: A deep understanding of risk management frameworks, controls testing methodologies, and experience executing or overseeing controls testing to a high standard.
Regulatory Knowledge: Understanding of Conduct Risk, employment related legislation, and the Consumer Duty would be an advantage.

Behaviours & Competencies

Stakeholder Management: A natural ability to build strong stakeholder relationships.
Analytical Mindset: An inquisitive and analytical mind to understand risks, controls, and processes, identifying control gaps and suggesting improvements.
Proactive: A proactive approach to managing workloads with a 'can do' attitude, using initiative to take ownership and see complex issues through to resolution.
Challenger: Ability to challenge the status quo, helping us shape operations to be best in class across financial services.

Skills

Proficient in Google Suite products (Docs and Sheets).
Exposure to working within First or Second line risk.

25 days holiday (plus take your public holiday allowance whenever works best for you)
An extra day's holiday for your birthday
Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
16 hours paid volunteering time a year
Salary sacrifice, company enhanced pension scheme
Life insurance at 4x your salary
Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
Generous family-friendly policies
Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
Access to initiatives like Cycle to Work and Salary Sacrificed Gym partnerships

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway. We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling Bank is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.
Jan 06, 2026
Full time
Jan 05, 2026
Full time
Job description

Contract type: Permanent
Location: London with a minimum of 2 days per week in the office
Salary: c£62,000 per annum plus civil service pension scheme employer contribution of 28.9%

Nationality Requirements:

UK nationals
Nationals of Commonwealth countries who have the right to work in the UK
Nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)

Please note, we are not able to sponsor work visas. Please contact us should you have any questions on your nationality eligibility.

The closing date for applications is 11.59pm 7 Jan 2026. First stage interviews over MS Teams will take place between 19-21 January 2026. Second stage interviews will take place at our offices in Victoria on Wednesday 28 and Friday 30 January.

About the National Audit Office

The National Audit Office (NAO) is the UK's main public sector audit body. Independent of government, we have responsibility for auditing the accounts of various public sector bodies, examining the propriety of government spending, assessing risks to financial control and accountability, and reviewing the economy, efficiency and effectiveness of programmes, projects and activities. We report directly to Parliament, through the Committee of Public Accounts of the House of Commons, which uses our reports as the basis of its own investigations.

We employ around 1,000 staff, most of whom are qualified accountants, trainees or technicians. They work in either of our two service lines, financial audit or value for money (VFM) audit, or within the corporate enabling group.

The NAO welcomes applications from everyone. We value diversity in all its forms and the difference it makes to our organisation. By removing barriers and creating an inclusive culture all our people have the opportunity to develop and maximise their full potential. As members of the Business Disability Forum and the Disability Confident Scheme we guarantee to interview all disabled applicants who meet the minimum criteria. The NAO supports flexible working and is happy to discuss this with you at application stage.

How Digital Services enable the NAO

Digital Services (DS) enables the NAO by delivering a resilient, scalable, and strategically aligned IT service architecture that empowers teams to operate efficiently and innovate confidently. Through clearly defined roles, structured governance, and a separation of reactive and proactive workstreams, DS ensures that operational delivery supports the NAO's broader strategic outcomes. The team's purpose is rooted in enabling high-quality, secure, and user-focused digital services - spanning Infrastructure, Cloud, Networks, End User Computing (EUC), and service management - while fostering continuous improvement and partner assurance. By embedding ITIL and Digital, Data and Technology (DDaT) aligned capabilities across its structure, DS enhances transparency, accountability, and agility, allowing the NAO to lead by example in digital maturity and operational excellence.

Who are the Service Management Team?

This role sits within a 3-person team under the Head of Digital Operations that works together with the Infrastructure Operations Team, and both work with all other teams across DS as well as multi supplier partners. DS is strengthening governance around Service Management including partner assurance, change management, service transition, continuity, problem, availability and capacity management, ensuring new and existing services are onboarded safely, are compliant, meet operational readiness before go-live, and are actively managed and assured.

This role will focus on assuring that partners and suppliers are delivering in line with contracted agreements, with a primary focus on End-User Computing (EUC) and supporting other leads within Infrastructure Operations to assure their partners are doing the same.

Responsibilities

What are the main responsibilities of this role?

Manage partners/suppliers to assure service continuity and supplier performance in terms of technical quality and performance metrics.
Responsible for EUC service delivery, ensuring availability, performance, and compliance.
Produce Statements of work for Suppliers to deliver to and manage delivery, assure success and technical quality of the work delivered.
Lead endpoint strategy, lifecycle planning, and BIOS/driver governance.
Manage Intune migration and endpoint refresh programmes.
Oversee AV device management (Surface Hubs, Cisco, Neat Boards).
Collaborate with InfoSec on endpoint security to ensure EUC estate is compliant.
Drive automation, standardisation, and proactive monitoring.
Act as escalation point for EUC-related incidents and problems.
Maintain structured documentation, SOPs, and CMDB accuracy.

How does this align to the Government Digital Service DDaT Roles?

This position aligns with the Digital, Data and Technology (DDaT) profession role of "IT Service Manager" within the Government Digital Service framework. While this serves as a reference point for capability and expectations, the responsibilities of this role extend beyond the standard DDaT definition. For further details, please refer to the official DDaT role description: IT Service Manager - DDaT Capability Framework.

Relationships:

Reporting to: Head of Service Management
Relationships: Part of a 3-person team alongside the Service Management Lead working under the Head of Service Management, which in turn works alongside the Infrastructure Operations team under the Head of Digital Operations.
Internal: Working with all teams across Digital Services and Information Security (InfoSec).
External: Multiple third-party support vendors.
Resources Managed: None
Security Clearance: NAO DS Operators at this level must be SC cleared as part of the onboarding process.

Responsibilities:

Organisational Admin & Management

Maintain structured documentation and SOPs for EUC services.
Support internal communications and cross-team knowledge sharing.
Contribute to CMDB accuracy and asset lifecycle governance.
Participate in team engagement and improvement workshops.
Lead and assure the onboarding of new devices and services.
Represent EUC operations in governance forums.

Service Delivery

Ensure availability, performance, and SLA compliance across EUC platforms including supplier performance management.
Responsible for MDM tooling and endpoint refresh programmes.
Administer Windows Operating System, Office 365, and third-party applications.
Lead Video Conferencing/Audio-visual device management (Surface Hubs, Cisco, Neat, etc.) including peripherals and managing the supplier that supports and develops them.
Maintain accurate configuration and asset data in ITSM Tools.
Lead on service validation and testing for new deployments.
Manage vendors and suppliers to ensure service continuity and upgrades.
Monitor endpoint performance and identify improvement opportunities.
Manage patching, backup, and DR readiness for endpoint platforms.
Lead onboarding of EUC services into operational support.

Strategic

Lead endpoint strategy, BIOS/driver/firmware governance, and app lifecycle planning.
Produce technology roadmaps to ensure architecture decisions for all EUC and AV services are fit for purpose.
Write Statements of work, engaging in supplier workshops to determine solutions where necessary.
Contribute to service catalogue evolution and governance frameworks.
Recommend tooling improvements and automation opportunities.
Provide input into training needs and capability uplift.
Liaise with senior stakeholders on EUC priorities. Develop metrics and dashboards for EUC performance and risk. Advocate for cost-effective and scalable endpoint solutions. Support Act as escalation point for EUC-related incidents and problems. Conduct root cause analysis and manage known error records. Provide mentoring and guidance on structured troubleshooting. Support resolution of ad hoc technical issues with a strategic approach. Deliver remote support to Newcastle office and mobile users. Collaborate with Problem Management Lead to remediate recurring issues. Collaborate with Service Delivery Manager on queue management to ensure incidents are resolved within SLA/KPIs Security & Risk Implement endpoint security controls and compliance policies. Collaborate with InfoSec on vulnerability remediation and access governance. Support change governance and compliance processes; provide evidence for GRC audits and align to industry certifications where applicable (including, but not limited to ISO 27001 & CE+). Track and report on endpoint-related risk metrics and posture improvements. Development Contribute to automation scripts and tooling enhancements. Participate in pilots for new endpoint technologies and service improvements. Emergency Capacity Provide capacity for major and urgent incidents. Working Environment & Requirements • You'll work on an agreed support rota to ensure coverage from 08:00 - 18:00, with core hours of 09:00 - 17:00, Monday to Friday, on-site in Victoria, London.
Jan 01, 2026
Full time
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia. The group has over 150,000 employees, offering services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. As one of the top financial groups globally with a vision to be the world's most trusted, we want to attract, nurture and retain the most talented individuals in the market. The size and range of MUFG's global business creates opportunities for our employees to stretch themselves and reap the rewards, whilst our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and honest, underpin everything that we do. 
We aim to be the financial partner of choice for our clients, whatever their requirements, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. Please visit our website for more information - Risk, Security & Control department covers cyber security strategy maintenance and tactical planning and operations to provide IT Security protection, governance, risk management and reporting. This includes promoting the global Information Security Standards and Procedures (ISSP) requirements and local security requirements. The department deploys, supports and monitors security solutions such as virus protection, vulnerability management, compliance monitoring and threat/incident management activities to reduce risk. MAIN PURPOSE OF THE ROLE To lead a team of Governance Risk and Control SMEs responsible for carrying out IT Security Assessments (Secure-by-Design) on technology projects. To ensure that all projects comply with IT security policies and requirements. KEY RESPONSIBILITIES In this role, you will be responsible for managing the secure-by-design team activities across MUFG's banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you. The responsibilities include, but not limited to: Delivering on the secure-by-design process to help ensure that all relevant TEC projects undergo security review prior to implementation. 
Managing the team of GRC SMEs delivering on the Secure-by-Design activities: Outlining relevant KPIs and measuring the team against the KPIs Interviewing business and technology stakeholders responsible for controls (technical and non-technical) Reviewing the team's reports and conclusions and ensuring suitability of the relevant evidence required to demonstrate the operating effectiveness Developing a testing strategy for testing operating effectiveness of controls Arriving at informed conclusions regarding gaps in control operating effectiveness Documentation of risks, gaps, findings and recommended actions Managing your and the team's time to ensure testing is completed in a timely manner WORK EXPERIENCE Essential Experience in managing multiple tasks with broad scope, ambiguity, and high degree of difficulty Experience in providing assurance for cybersecurity technologies, policies, standards and procedures Demonstrable proficiency in a wide range of information IT security domains such as Security Governance, Identity and Access Management, Access Controls, Threat Intelligence, Asset Management, Risk Management, Security Assessment/Testing, Security Incident Management and Vulnerability and Patch Management Understand global IT risk management structure Demonstrable experience of senior stakeholder management and relevant management reporting. 
Ability to coach team members through knowledge transfer and constructive feedback SKILLS AND EXPERIENCE Functional / Technical Competencies Essential: Good understanding of cybersecurity/IT control frameworks including but not limited to frameworks from SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS Good managerial skills Experience of working as an IT auditor, security auditor or governance, risk and compliance analyst Proven understanding of current best practice approach to security assurance and the application of security frameworks Planning and prioritizing multiple project work streams in response to rapidly developing and changing portfolios. Broad knowledge of computer, networking and IT security systems including operating systems, databases, firewalls, SIEM, DLP etc. Good presentation, documentation and reporting skills Preferred: Experience in project management Experience in providing assurance for cybersecurity technologies, policies, standards and procedures Ability to maintain a working knowledge of cybersecurity principles and elements Understand global IT risk management structure Demonstrable experience of senior stakeholder management and relevant management reporting. Education / Qualifications: Essential Degree educated and / or equivalent experience. Preferred: Relevant certifications (e.g. CISA, CRISC, CISM, CISSP .) PERSONAL REQUIREMENTS Personal alignment to MUFG Values + Integrity & Responsibility + Professionalism & Teamwork + Challenge ourselves to grow Personal alignment to EMEA Cultural Principles + Client Centric + People Focused + Listen Up, Speak Up + Innovate & Simplify + Own & Execute In addition: Excellent communication skills Results driven, with a strong sense of accountability A proactive, motivated approach. 
The ability to operate with urgency and prioritize work accordingly Strong decision making skills, the ability to demonstrate sound judgement A structured and logical approach to work Strong problem solving skills A creative and innovative approach to work Excellent interpersonal skills The ability to manage large workloads and tight deadlines Excellent attention to detail and accuracy A calm approach, with the ability to perform well in a pressurized environment Strong numerical skills Excellent Microsoft Office skills A confident approach, with the ability to provide clear direction to your team Excellent managerial/leadership experience The ability to lead a high performing team A strategic approach, with the ability to lead and motivate your team We are open to considering flexible working requests in line with organisational requirements. MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy
Jan 01, 2026
Full time
Overview Adaptive is announcing the integration of clonoSEQ MRD Testing into OncoEMR. At Adaptive, we're Powering the Age of Immune Medicine. Our goal is to harness the power of the adaptive immune system to transform the way diseases are diagnosed and treated. As an Adapter, you'll have the opportunity to contribute to meaningful work and collaborate with colleagues at the apex of innovation and application. It's time for your next chapter. Discover your story with Adaptive. Position Overview The Staff Information Security Engineer is responsible for driving information security functions related to specific domain(s) of cyber security. This role is accountable for governing information security risk by developing and implementing processes to oversee and manage risk. As part of the Information Security team, this role will collaborate with leaders in Information Technology, Software Development, and other departments to implement and manage Adaptive's information security strategy and policies, and to offer independent advice and recommendations to mature information security and risk management posture. Key Responsibilities and Essential Functions Strategic Leadership & Governance Serve as subject matter expert on information security, guiding cross-functional partners and leading enterprise-wide risk committees and security reviews. Participate in the definition and evolution of Adaptive's cybersecurity strategy, architecture, and GRC roadmap aligned with business priorities. Develop and maintain security reference architecture across cloud, hybrid, and on-prem environments. Policy & Compliance Management Drive the development and implementation of security policies and ISMS practices, ensuring alignment with ISO 27001, SOC 2, TX-RAMP, HIPAA, and other regulatory frameworks. Lead internal and external audits and certification efforts. 
Security Architecture & Control Design Collaborate with IT, Privacy, and Engineering to design and implement layered security controls across identity, access, network, endpoint, application, and data environments. Continuously evaluate and integrate emerging technologies to strengthen Adaptive's security architecture. Conduct enterprise risk assessments, maintain the risk register, and monitor key indicators to identify and remediate non-compliance. Support customer audits, contract negotiations, and third-party risk management. Lead the assessment, management and response efforts for incidents, vulnerabilities, and other security events. Control Implementation & Optimization Ensure effective deployment and optimization of security tools (e.g., SIEM, EDR, DLP, IAM) to meet GRC requirements and business needs. Lead control testing, continuous monitoring, and third-party penetration testing engagements. Reporting & Stakeholder Communication Develop and maintain KPIs, metrics, dashboards and reporting to measure the effectiveness of information security program activities. Translate technical risks into business impact for non-technical stakeholders and support customer audits and inquiries. All other duties as assigned. Position Requirements Bachelors + 12 years of related experience, or Masters + 8 years of related experience Understanding of Risk Management principles and tools to address high-risk areas. Solid knowledge of ISO 27001, NIST and other information security standards, with some experience implementing these standards. Good communicator in dynamic environments with solid attention to detail and ability to summarize. Ability to multi-task and meet deadlines; proven ability to perform in a fast-moving environment. Understanding of information security risk assessment and technology risk management and compliance procedures and methodologies. 
Ability to establish and maintain relationships across all levels of the organization, vendors, and business partners. Thorough knowledge of information security and compliance including SOC 2, ISO 27001/2, and HIPAA. Life sciences/healthcare experience, particularly with FDA cybersecurity guidance, is ideal. Solid understanding of application security, cloud security, security operations, incident response and infrastructure security. Ability to translate technical data into business impact information for non-technical audiences. Proven analytical and problem-solving abilities. Preferred certifications: internal auditor; certified lead implementor; CISSP, CISM, CISA, or equivalent experience. Working Conditions Administrative work in a home/office environment. Regular weekday work hours, with occasional weekend/after-hours planned or unplanned work as needed. Compensation Salary Range: $143,200 - $214,800 Other compensation elements: equity grant Important Notices Adaptive Biotechnologies is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability. Adaptive may provide accommodations to applicants with disabilities upon request.
Jan 01, 2026
Full time
Cyber security is critical to every organisation. We are shaping strategies and transforming the management of cyber risk and we need you to join us. You'll build strong relationships as one of the areas of our cyber practice with over 450 extremely talented individuals in the UK alone, as part of a Technology and Transformation practice of 7500 people. Cyber security is a business problem, not just a technical problem, and we need people with a diverse array of backgrounds and skill sets to help our clients solve it. Join us and you will help our clients solve the latest cyber security challenges, in a business with very significant growth ambitions, enjoying the kind of professional development that will set your potential free. Providing guidance and support to executives to develop complete and actionable cybersecurity strategies for their organisations, taking a risk-based approach to support new, digitally enabled business models. Supporting organisations in developing actionable transformation programmes, and navigating cyber transformation to support new, digitally enabled business models. Designing effective governance roles and operational frameworks to assess and define prioritised, risk-based roadmaps to increase cyber maturity, prepare for and support regulatory compliance, and allow cyber to play a key role in business enablement and expansion. Connect to your career at Deloitte Deloitte drives progress. Using our vast range of expertise, we help our clients become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more. What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values.
Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. Connect to your opportunity We are a team with a passion and curiosity for cyber security and technology, comfortable with operating in fast-paced environments defining and leading the development of cyber strategy, cyber programmes and managing cyber risk. We are looking for like-minded individuals who thrive on the challenge of solving the toughest cyber security challenges faced by organisations today. Typically this will be people with a blend of technical and soft skills that allows them both to analyse the challenges in cyber security and to communicate to a range of stakeholders from end users and technical specialists through to senior IT professionals and members of the board. Connect to your skills and professional experience Successful applicants typically have a degree or equivalent experience, with real world experience working in cyber security. They are agile thinkers capable of helping stakeholders manage a range of security challenges. They bring an ability to apply a robust understanding of security principles and technologies to support clients with varying risk appetite in the pragmatic management of cyber risk. Cyber Security Skills: Strong skills in areas such as cyber strategy, cyber risk, cyber maturity, security architecture, cyber transformation and regulatory compliance for cyber. Experience of various recognised cyber security relevant standards and regulations, such as NIST CSF, CRI2.0, ISO27001, NCSC CAF, GDPR and NIS2. Experience working in a variety of environments or organisational contexts to develop cyber strategy and manage cyber risk. Desire to work with large organisations trying to solve the latest cyber security problems.
Relevant certifications, such as M.Inst.ISP, CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerability management, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and presentations. Consulting Skills: Project management - Experience with waterfall and agile type methodologies, often working within client specified frameworks. Delivery team management: Working with and managing teams across a mix of locations, cultures, and experience levels, both remotely and face to face. Ability to think laterally to solve problems. Client stakeholder management - Strong communication and relationship skills to manage a variety of client stakeholders from developers, to CISO, to business stakeholder. In addition to the above the following are beneficial: Consulting experience Understanding of modern security concepts and principles, including cyber risk, strategy, maturity assessment Ability to hold Security Clearance Connect to your business -Technology and Transformation Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters. Cyber The modern world is more complex than ever before, and we are navigating an ever-changing landscape. We help clients to operate with resilience and grow with confidence to secure success and minimise risk. Personal independence Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. 
We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request. Connect with your colleagues "At Deloitte you're surrounded by subject matter experts; industry experts, technology experts, and you can access that knowledge whenever you need to." -Christian, Technology and Transformation "We have a great culture, and the number of opportunities here mean you can develop as an individual in the direction that suits you best." -Gurpal, Technology and Transformation Our hybrid working policy You'll be based in London with hybrid working. At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role. Our commitment to you Making an impact is more than just what we do: it's why we're here.
So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before. We want you. The true you. Your own strengths, perspective and personality. So we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too. Because it's only when you're comfortable and at your best that you can make the kind of impact you, and we, live for. Your expertise is our capability, so we'll make sure it never stops growing. Whether it's from the complex work you do, or the people you collaborate with, you'll learn every day. Through world-class development, you'll gain invaluable technical and personal skills. Whatever your level, you'll learn how to lead. Connect to your next step A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you'll experience a purpose you can believe in and an impact you can see. You'll be free to bring your true self to work every day. And you'll never stop growing, whatever your level. Discover more reasons to connect with us, our people and purpose-driven culture at deloitte.co.uk/careers
Jan 01, 2026
Full time