
ORX is currently searching for a skilled Information Security Assistant Manager to be involved in all aspects of information security and cyber, including multiple deliverables across project workstreams through the programme.


ORX is an equal opportunity employer. We create an environment where everyone has an equal chance to succeed during our recruitment phase and through their career at ORX. We are committed to building a diverse, equitable and inclusive culture where everyone can be part of a community where you will belong and thrive.

Job description

Job Details: 

Job title: 

Information Security Assistant Manager 

Reporting to: 

Information Security Manager

Contract and hours:

Fixed Term Contract (FTC) 12 months

37.5 hours per week (Mon-Fri)

Hybrid working – 10 office days per quarter

Application deadline:

 24th June 2024

Location:

Bath, United Kingdom 

About ORX 

ORX is the largest operational risk management association in the financial services sector. Established in 2002 by financial firms looking to share loss data, ORX is committed to improving the management and measurement of operational risk. Owned and driven by our member institutions, we bring together hundreds of operational risk professionals to share their knowledge, expertise and experience in the financial services industry. We are a not-for-profit industry association incorporated in Geneva, Switzerland.

The role

The ORX Information Security Assistant Manager role will be a challenging yet rewarding opportunity to be a part of a programme that will deliver a modern cloud-based platform for our members. Your responsibilities will include providing support on the information security project workstream, applying your knowledge to facilitate the successful delivery of the programme with the assistance of the Information Security Manager. This will involve a foundational knowledge of both working with AWS cloud technologies and how information security best practices are applied to the AWS platform.
The Information Security Assistant Manager will have knowledge and experience of information security, risk, and control frameworks (ISO27001), and be an effective and enthusiastic communicator with an ability to build strong professional relationships with third party suppliers, ORX members, and subscribers.

Principal duties and responsibilities 

Key duties and responsibilities will include:

The Information Security Manager will be responsible for: 

Development:
  • Familiarity with AWS security tools and embedding security within an AWS cloud environment
  • Comfortable working within the software development life cycle
  • Experienced with working within Agile and Scrum project management frameworks
  • Working alongside third party development teams and holding them to account
Assurance and customer onboarding:
  • Manage reviews requested by ORX member and subscriber organisations (and prospective customers), managing and addressing any resultant findings
  • Create and maintain documentation to enable members and subscribers to transition to the new platform in a repeatable, reliable and consistent way
  • Respond to member and subscriber reviews, escalating queries to the Information Security Manager where required
  • Working with the project team, maintain oversight of new platforms to identify weaknesses or gaps in line with industry control standards
  • Ensure third party suppliers are compliant against our supplier management framework
  • Identify and challenge behaviours or activities that contravene risk policies and procedures
Subject matter expertise & continuous improvement:
  • Maintain an up-to-date working knowledge of the relevant regulations and legislation, e.g. ISO27001, ISO9001 standards (and other information governance standards)
  • Maintain an up-to-date working knowledge of a broad range of technologies including common vulnerabilities and exploits, with a comprehensive knowledge of security controls
  • Be proactively aware of what ORX members and subscribers will expect from ORX services
Communicating, training and awareness:
  • Provide advice and input on the risk aspects of all programme activity to ensure it has been considered and is taken into account appropriately
  • Run information security awareness and training as appropriate for members and subscribers
Infosec strategy and improvement programme:
  • Assist the Information Security Manager to build and enhance new and existing stakeholder relationships, with external suppliers but also with other internal business areas
  • Help drive general alignment with ISO27001 principles for the management of our most confidential data within the new data exchange platform
Policies and procedures:
  • Work with the Information Security Manager to ensure alignment within the programme with existing InfoSec policies and procedures, in line with risk appetite and good practice
Infosec risk management, governance and reporting:
  • Provide input into the programme risk and control register, with general alignment to ISO27001 where in scope
  • Act as the subject matter expert and be responsible for information security in the programme
  • Work with the Information Security Manager to plan, build and oversee execution of business continuity plans and business incident tests (including disaster and phishing tests) as required for the programme
  • Identify programme and project risks and work with the programme and operational teams to reach a satisfactory resolution
  • Keep appropriate records and provide periodic business reports regarding the programme security posture for reporting up to the Executive Team and Board Audit, Risk and Quality Committee (BARQC)

There will also be a requirement to deputise for the Information Security Manager in their absence and cover other ad hoc duties as required.

Find out more about the recruitment process


  • 1st stage of interview process will be a virtual call with hiring manager
  • 2nd stage of interview process will be a formal interview with hiring managers in person in our central office in Bath; there will be a task at this stage
  • 3rd stage of interview process will be a virtual call with Project lead consultant

Applications are to be emailed to careers@orx.org. Please include your CV and a cover letter with salary expectations.

How can I be supported?

You can share any adjustments you need at any stage of the application process by contacting people@orx.org. If you have a disability, if you are neurodivergent, or if you have a health condition that may affect you during the application process, we encourage you to discuss adjustments with our People team.

Some reasons why candidates may need support include but are not limited to: physical disability, dyslexia, dyspraxia, hearing/visual impairment, stammer, stutter, anxiety, depression, menopause, and long-term health conditions.

Some examples of adjustments that can be made for candidates include, but are not limited to:

  • Additional time to complete online assessments or interviews
  • Providing information about assessments during a briefing call
  • Adjusted font size or contrast settings on online assessments, exercises, tasks, and presentations
  • Completing assessments via video call rather than online

Workplace adjustments

The support we offer throughout the recruitment process doesn’t end after the application. We know that employees have varying needs in the application process and at work, which is why we want to help employees at ORX get the support they need to thrive.

ORX is committed to providing employees with the tools and support they need. We can consider adjusting, removing, or reducing any barriers you might face if you have a disability, health concern, or mental health condition.

Workplace adjustments (or accommodations) help us do this and can be considered for all our employees.

Some of the adjustments we’ve provided for our employees include but are not limited to:

  • Ordering specialist equipment (like assistive technology and ergonomic furniture)
  • Adjustments to objectives or targets
  • Changing working arrangements, using flexible working or regular breaks

What else do we offer

Hybrid working:

We offer hybrid working (a mix of remote and office working) built around supporting your role and your home life commitments wherever possible. The minimum days in the office are 10 per quarter.

Benefits:

  • Competitive salary
  • Discretionary performance related bonus scheme
  • 25 days holiday a year, increasing by 1 day for each year of service to a maximum of 28 days
  • 8% company contribution to pension
  • Employee recognition scheme
  • Support for training and development
  • Life assurance
  • Health cash plan
  • Perks at work scheme
  • Employee assistance programme
  • Holiday trading
  • Sabbaticals and long service awards
  • Summer and Xmas social events
  • Cycle to work
  • Inclusive and supportive working environment
  • Electric car scheme
  • Workplace nursery scheme

Our culture

We have a great culture and we’re proud of our people and the high engagement demonstrated year after year in our employee survey. We recognise and reward hard work, whilst respecting work-life balance. Our hybrid working sees our team getting together when necessary. Days in the office are 10 per quarter, which enables our teams to establish a working pattern that suits us, and you. We recognise that family time, being there for the school run and enjoying life at home is as important as collaborating with others, socialising as a team, and maximising the informal learning and innovation that happens when we’re together in the same place.
