Group Information Security (GIS) at OSB supports the business by protecting the bank, its customers, and its critical assets while enabling the organisation to operate safely and effectively. We identify, assess, and manage security risks across people, processes, technology, data, and third-party suppliers, ensuring risks remain within the bank’s risk appetite.
The function establishes security policies, standards, and governance frameworks, oversees compliance with regulatory and industry requirements, and works closely with business and technology teams to embed security into new products, services, and change initiatives. It also monitors and responds to security incidents, promotes operational resilience, manages third-party security risks, and drives security awareness across the organisation. Through these activities, the security function helps maintain customer trust, supports regulatory compliance, and enables the bank to achieve its strategic objectives while effectively managing risk.
What you will be doing:
As the Head of Security Operations you will be accountable for the effective operation, continuous improvement and resilience of the Bank’s security operations capability, covering Security Operations Centre monitoring and response, Identity and Access Management services, security analysis, operational security controls and supplier-delivered security services.
The Head of Security Operations is a senior leadership role within the Group Information Security (GIS) function, reporting directly to the Information Security Director.
The role leads a team of approximately 15–20 security professionals located in the UK and India offices, supported where appropriate by third-party managed security service providers. The team provides 24×7 or extended‑hours security monitoring and response, identity and access management operations, vulnerability and threat analysis, security tooling administration, control assurance support, reporting, and operational support.
Your responsibilities will include…
Security Operations Leadership & Strategy
- Leading and developing the Security Operations function, setting clear direction, priorities, and performance expectations for a team of 15–20 professionals
- Building a high‑performing, collaborative and service‑focused culture, supported by workforce planning and recruitment, performance management and professional development whilst ensuring the function has the appropriate capability, capacity, tooling, and governance to meet current and future business needs
Cyber Security Operations (SOC & Incident Response)
- Owning the end‑to‑end security monitoring and cyber incident response, including internal SOC and third‑party services
- Overseeing detection, triage, investigation and response to threats using security tooling (SIEM, SOAR, EDR/XDR) and acting as the senior escalation point and cyber incident commander where required
- Ensuring incident response plans, playbooks, testing, and post‑incident reviews are effective and continuously improved
Identity & Access Management (IAM)
- Leading IAM operations, ensuring secure, compliant access to systems, data and platforms whilst driving improvements in IAM automation, governance, and control effectiveness, ensuring risks are identified, reported and remediated in line with policy
Security Analysis, Assurance & Risk Management
- Leading security analyst services including threat analysis, vulnerability management, investigations, reporting and control assurance
- Ensuring security risks, vulnerabilities and control weaknesses are identified, prioritised, and remediated in partnership with technology teams
- Supporting risk assessments, change initiatives, and assurance activities while maintaining alignment with risk frameworks, policies, and regulatory requirements
Service Delivery, Performance & Continuous Improvement
- Defining and tracking KPIs, KRIs and SLAs to measure performance, risk reduction and control effectiveness
- Delivering clear, insightful reporting for operational teams, senior stakeholders, audit and regulators
- Driving continuous improvement through automation, tooling optimisation, and process enhancements
Third‑Party & Service Management
- Managing relationships and performance of security vendors and managed service providers to ensure third‑party services meet contractual, regulatory and security requirements
Operational Resilience & Business Continuity
- Ensuring Security Operations services are resilient and recoverable, supporting the Bank through incidents and disruptions whilst maintaining continuity and disaster recovery plans for critical security services
Stakeholder Management & Governance
- Building effective relationships with the wider Group to successfully and effectively achieve the above outlined responsibilities
- Providing appropriate challenge on risk and control issues and representing Security Operations at IT Security governance forums
What’s in it for you?
We offer a competitive base salary depending on experience from £120,000 – £135,000 and a competitive benefits package including:
- Discretionary annual bonus opportunity up to 50%
- 30 days annual leave plus bank holidays
- Car allowance £7,500
- Access to Private Medical Insurance and Medical Cash Plan
Do you have the skills?
We are looking for talented individuals who have the experience and knowledge set out below:
- Leading a Security Operations function within a complex, regulated or financial services environment managing medium‑sized, multi‑disciplinary security teams (c.15–25), including analysts, engineers, IAM specialists and team leads
- Strong operational experience across SOC monitoring, cyber incident response, escalation management and Identity & Access Management
- Experience delivering security analysis and operational services, including threat and vulnerability management, control monitoring and reporting
- Strong understanding of risk, audit, compliance and governance requirements within a regulated environment
- Experience managing third‑party security providers, including MSPs and outsourced services
- Proven ability to develop and use operational metrics and produce effective management reporting
- Experience in incident management, root cause analysis and continuous improvement, alongside exposure to operational resilience, business continuity and disaster recovery
- Strong stakeholder management skills, with the ability to influence and clearly communicate complex security issues
Diversity, Equity & Inclusion
We are proud to be a Disability Confident employer and are committed to creating an inclusive and accessible workplace where everyone can thrive.
We welcome applications from people of all backgrounds and encourage candidates with disabilities and long‑term health conditions to apply.
If you meet the minimum criteria for the role and would like to be considered under our Disability Confident Scheme, please indicate this on your application.
Not sure if you meet all the criteria? Let us decide. Studies show that candidates from underrepresented backgrounds often feel they need to meet 100% of the criteria before applying. At OSB, we value the unique perspectives and experiences that diversity brings. We’re committed to creating an inclusive space where everyone feels empowered to apply – even if you don’t check every box.
We actively promote diversity at all levels, with Board‑level Diversity Champions monitoring our progress. We’re proud to be signatories of the Women in Finance Charter, supporting the growth of senior women in our sector. Our commitment extends to treating all employees and applicants equitably, ensuring fairness and respect for all.
#J-18808-Ljbffr…
