Risk Analyst
Listed on 2026-01-11
IT/Tech
Cybersecurity, Information Security
Risk Analyst - Nottingham Building Society
Location:
Head Office, Nottingham (Hybrid working, minimum 2 days per week)
Application process:
Please apply via the application button which will direct you to our careers site. If you require any adjustments to assist you in applying, please contact
We are looking for a proactive Information Security Risk Analyst to join our dynamic Information Security Team. In this role, you will play a crucial part in strengthening our governance, risk, and compliance initiatives related to information security. Your efforts will help ensure our organisation meets regulatory standards, effectively manages security risks, and maintains a robust security posture to safeguard our customers and sensitive data.
We welcome candidates from all backgrounds to apply and contribute to our diverse and inclusive team.
- Framework Development: Develop and maintain the organisation’s information security governance, risk, and compliance framework.
- Risk Assessments: Conduct risk assessments to identify vulnerabilities, focusing on protecting customer data and financial systems.
- Regulatory Compliance: Ensure compliance with regulations and standards like GDPR, ISO 27001, CQuest, SOC 2, and FCA and PRA guidelines.
- Effectiveness Monitoring: Monitor and assess the effectiveness of security controls, policies, and procedures.
- Audit Support: Support audits by preparing documentation and facilitating review processes.
- Vendor Risk Assessments: Perform vendor risk assessments to evaluate third‑party security risks.
- Department Collaboration: Collaborate with various departments to implement security policies across all business units and technologies.
- Incident Management: Manage and track security incidents and breaches, ensuring appropriate mitigation and response strategies.
- Information Security Frameworks: Familiarity with frameworks such as NIST, ISO 27001, SOC 2, and GDPR.
- Financial Sector Requirements: Knowledge of specific information security needs for financial institutions and building societies.
- Security Controls and Risk Management: Strong understanding of security controls, risk management practices, and compliance requirements in the financial sector.
- GRC Software Experience: Experience with platforms like Archer, ServiceNow, LogicGate, and OneTrust is a plus.
- Analytical Skills: Excellent ability to assess security risks and suggest actionable remediation plans.
- Communication Skills: Strong written and verbal communication skills to convey complex security and compliance issues to both technical and non‑technical stakeholders.
- Professional Background: Experience in information security, GRC, or related fields, ideally within a financial services environment.
- Competitive Package: Fair salary benchmarked against market data, annual discretionary bonus, and 29 days holiday plus bank holidays.
- Health & Wellbeing: Access to Medicash healthcare, mental health first aiders, and a suite of wellbeing resources to support you inside and outside of work.
- Work‑Life Balance: 35‑hour working week for full‑time roles, with flexibility to help you perform at your best.
- Career Growth: Ongoing personal and professional development; we’ll support your ambitions and help you grow your potential.
- Inclusive Culture: Be part of a friendly, values‑led team that genuinely cares about doing the right thing for colleagues and customers.
- Giving Back: Use two paid volunteering days each year to support causes close to your heart, through our Samuel Fox Foundation.
- Sustainability Focus: Join a business committed to reducing its carbon footprint and making a positive impact on the environment.
- Free access to Octopus Money: Financial coaching & tools that help you plan, manage, and make the most of your money.
Associate
Employment type: Full‑time
Job function: Information Technology