Infosec SME - AppSec - Banking
Posted 1 day ago by Rothstein Recruitment
Negotiable
Undetermined
Undetermined
London Area, United Kingdom
Summary: The Application Security Consultant role focuses on enhancing security processes within a technology transformation program at a bank. The consultant will lead security efforts in application development, collaborating with various stakeholders to address security challenges while ensuring compliance with regulatory standards. This position requires a proactive approach to risk management and the ability to integrate security practices into the software development lifecycle. The role emphasizes autonomy and problem-solving in a critical industry setting.
Key Responsibilities:
- Lead risk and control assessments, including supplier due diligence and privacy impact assessments.
- Support workstreams in identifying and managing risks, documenting controls, and ensuring timely actions.
- Provide specialist advice on information security best practices and UK regulatory requirements.
- Develop expertise in the bank's secure change processes and shepherd workstreams through assessments.
- Build trust-based relationships with stakeholders within delivery teams.
- Participate actively in delivery team activities, including daily stand-ups and planning sessions.
- Communicate complex security issues effectively to both technical and non-technical audiences.
- Integrate application security controls into CI/CD pipelines and understand cloud security and microservices.
- Support technology change initiatives to ensure secure solution delivery.
- Conduct security assessments of complex systems and platforms.
Key Skills:
- Solid experience in application security and secure coding practices.
- Understanding of risk management and its relation to information security in financial services.
- Strong communication skills for conveying security issues to diverse audiences.
- Experience with SDLC and integrating security into development processes.
- Knowledge of cloud security and modern architecture.
- Ability to build strong interpersonal relationships across teams.
- Proactive problem-solving skills and a delivery-focused mindset.
- Awareness of knowledge gaps and ability to seek guidance.
Salary (Rate): undetermined
City: London Area
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Application Security Consultant - Banking
We are seeking a versatile and proactive AppSecurity Consultant to join a major technology transformation programme. We are modernising our tech stack whilst preserving trust and security. Y ou will act as the security lead in an application development delivery team working across a complex hybrid tech stack including Java/React, J2EE microservices, RPG/JSP hosted on z/OS and an API driven architecture. A key focus of this role will involve uplifting our application development security processes to enable the team to deliver quickly and securely. You will operate our existing secure change process whilst helping revise and uplift the application development security assurance operating model. Your work will cover metrics, templates, controls, automation, secure code practices and workflows. The Bank operates an model where information security consultants are Embedded into workstreams acting as the security lead for that delivery team. This is not a traditional advisory role - you will be actively participating in solving information security problems, working closely with engineers, product managers, and business stakeholders to identify, assess, and collaboratively solve security challenges and ensure the team can continue to deliver a pace. This is a unique opportunity to work on an exciting technology change programme, influencing the security posture of critical Bank systems while collaborating closely with engineers, product managers, and business stakeholders. You'll often operate independently of other security and privacy subject matter experts, so a broad and deep understanding of security and privacy domains is essential - from secure architecture and threat modelling to data protection and regulatory compliance If you thrive on autonomy, love solving complex problems, and want to see the real-world impact of your work in a critical industry - this is the role for you.
Main Responsibilities
- Risk and Control Assessments - You will lead risk & control assessments using the Banks defined processes, covering supplier due diligence, privacy impact assessments and project security.
- Risk Management - You will support your workstream identify and articulate risks, steering them towards appropriate treatment plans, documenting mitigating controls and ensuring these are actions within agreed timeframes. You will operate in line with the Bank's Risk Management framework (including sub-frameworks) and relevant risk and compliance policies and procedures, ensuring appropriate and timely escalation of any concerns to your line manager.
- Advisory - You will provide specialist advice and interpretation of Information Security best practice and UK regulatory requirements to a range of different stakeholders as new products, processes and systems are developed. You will need to be aware of your own knowledge gaps and when & where to seek specialist input to solve a particular problem or query
- Subject Matter Expertise - You will develop a deep knowledge of the Banks secure change processes and procedures, shepherding your workstream through various assessments and approval gates
- Relationship Management - You will build deep, trust based relationships with key stakeholders within your delivery team such as developers, testers, product managers, delivery leads and tech leads. You will be an active member of the delivery team, attending daily stand-ups, PI planning sessions and working groups.
- You have a blend of technical skills (secure coding, threat modelling, SAST/DAST tooling etc) and SDLC experience with a focus on securing software throughout the life cycle
- You are a skilled communicator, able to convey complex security issues to a wide audience, including non-technical colleagues.
- You have a pragmatic, delivery-focused mindset and are comfortable owning outcomes and taking accountability.
- You love building strong interpersonal relationships across engineering, product, compliance, and business teams to foster a culture of shared security ownership.
- You are great at identifying information security risks and you enjoy finding creative solutions problems.
- You have a wide range of information security knowledge and crucially, you are aware of your own knowledge gaps and able to seek support and guidance as required.
- You understand the intersection of Risk Management and Information Security and how these relate to each other in a Financial Service business (3LoD model)
- Application Security - Solid, practical and demonstrable experience of integrating application security controls (technical and non technical aspects), covering SDLC and secure coding practices, into CI/CD pipelines.
- Understanding of cloud security, microservices and modern architecture.
- Privacy - You don't need to be a privacy expert but you will require a good understanding of core privacy concepts and how these apply to technology change initiatives
- Technology Change - Demonstrable experience of supporting technology change initiatives to deliver solutions securely
- Risk and Control Assessments - Although your primary focus will be SDLC and secure coding practices, you'll also need experience of undertaking security assessments of complex systems and platforms.
Appsec Application Security Information Security InfoSec Bank Banking Financial Services