Head of 2LOD Data & InfoSec

About Allica Bank

Allica is the UK’s fastest growing company - and the fastest-growing financial technology (Fintech) firm ever. Our purpose is to help established SMEs, one of the last major underserved opportunities in Fintech.

Established SMEs are the backbone of local communities - representing over a third of our economy - yet have been largely neglected both by traditional high street banks and modern fintech providers.

Role Description

This role will strategically develop and maintain the 2nd line of defence oversight of Data and Information Security Risk. This includes providing coverage of how 1LOD identify potential data and info sec threats and associated mitigating actions.

Using comprehensive sources of data, you will provide challenge and oversight of 1LOD security monitoring and alerting strategies. You will ensure 1LOD security threat analysis and detection is fit for purpose and suitable for a fast-growing dynamic fintech.

This role is required to provide review and challenge of data and info sec risks identified and assessed through Allica’s RCSA process, including control testing and gap analysis.

You will provide oversight on how 1LOD are managing the data integrity risks, ensuring that data quality is effectively measured and managed with suitable MI to identify risks and appropriate mitigation.

This role will also provide 2LOD oversight of the risks surrounding the collection and storage of data including liaising with the Bank’s Data Protection Office.

Principal Accountabilities

• To review and support the updating of the Bank’s Data Risk Management Framework which articulates how Allica should think about managing Data and information Security risks.

• Provide oversight of 1LOD security operations ensuring they are set up to monitor, detect, and respond to potential threats in a timely manner with the appropriate tools and technologies. 

• Review the cloud security frameworks that safeguard sensitive data and applications providing challenge where appropriate and ensuring they protect our data. 

• Challenge the Cybersecurity Incident Response Plans (CSIRP) and Disaster Recovery Plans (DRP) ensuring they are appropriate for Allica.

• Conducting independent testing and challenge of information security controls and their effectiveness.

• Challenge the approach to Data integrity assessment, measurement and remediation. 

• Be engaged in data and cybersecurity incidents, including post-incident analysis.

• Ensure data and info sec risk assessments and due diligence is suitably performed for third-party vendors and partners. 

• Review compliance with relevant regulations (e.g., PCI DSS, GDPR, SOC 2, ISO 27001)

• Ensure suitable data & information security metrics are measured and reported to senior management. Use data and analytics to identify issues, trends and potential vulnerabilities.

Personal Attributes & Experience

• Experience of Data Risk Management including measuring data quality and integrity.

• Skills in Data privacy protection and management

• Expertise in security operations, cloud security, application security, and incident response.  

• Strong knowledge of security frameworks (e.g., NIST, CIS, ISO 27001) and compliance standards (e.g., PCI-DSS, PSD2, GDPR). 

• Hands-on experience with security technologies (e.g., SIEM, endpoint protection, cloud security tools). 

• Exceptional leadership and communication skills, with the ability to engage and influence diverse stakeholders. 

• Excellent communication skills both verbal and written

• Excellent presentational skills – the ability to convey complex subjects in an easily understood format

• An ability to provide constructive challenge in a range of circumstances

  #LI-AD1

Working at Allica Bank

At Allica Bank we want to ensure our employees have the right tools and environment in which to succeed in their role and in support of our customers.

Our employees are at the heart of everything we do, so our benefits are designed with you in mind:

• Full onboarding support and continued development opportunities

• Options for flexible working

• Regular social activities

• Pension contributions

• Discretionary bonus scheme

• Private health cover

• Life assurance

• Family friendly policies including enhanced Maternity & Paternity leave

Don’t tick every box?

Don’t worry if you don’t have all the skills or requirements listed on the job description. If you think you’ll be a good fit, we’d still love to hear from you!

Flexible working

We know the ‘9-to-5’ isn’t right for everyone. That’s why Allica Bank is fully committed to flexible and hybrid working. Please let us know what is best for you and, if we can, we will do our best to accommodate.

Diversity

We’re a diverse bunch here at Allica, with all kinds of experiences, backgrounds and lifestyles. Our openness and differences make us stronger, and we want everybody to feel comfortable bringing as much of themselves to work with them as they like.