Group Information Security (GIS) at OSB supports the business by protecting the bank, its customers, and its critical assets while enabling the organisation to operate safely and effectively. We identify, assess, and manage security risks across people, processes, technology, data, and third-party suppliers, ensuring risks remain within the bank’s risk appetite.

The function establishes security policies, standards, and governance frameworks, oversees compliance with regulatory and industry requirements, and works closely with business and technology teams to embed security into new products, services, and change initiatives. It also monitors and responds to security incidents, promotes operational resilience, manages third-party security risks, and drives security awareness across the organisation. Through these activities, the security function helps maintain customer trust, supports regulatory compliance, and enables the bank to achieve its strategic objectives while effectively managing risk.

As the Head of Security Operations you will be accountable for the effective operation, continuous improvement and resilience of the Bank's security operations capability, covering Security Operations Centre monitoring and response, Identity and Access Management services, security analysis, operational security controls and supplier-delivered security services.

The Head of Security Operations is a senior leadership role within the Group Information Security (GIS) function, reporting directly to the Information Security Director.

The role leads a team of approximately 15-20 security professionals located in the UK and India offices, supported where appropriate by third-party managed security service providers. The team provides 24x7 or extended-hours security monitoring and response, identity and access management operations, vulnerability and threat analysis, security tooling administration, control assurance support, reporting, and operational support.

Your responsibilities will include…

Security Operations Leadership & Strategy

• Leading and developing the Security Operations function, setting clear direction, priorities, and performance expectations for a team of 15–20 professionals
• Build a high-performing, collaborative and service-focused culture, supported by workforce planning and recruitment, performance management and professional development whilst ensuring the function has the appropriate capability, capacity, tooling, and governance to meet current and future business needs

Cyber Security Operations (SOC & Incident Response)

• Owning the end-to-end security monitoring and cyber incident response, including internal SOC and third-party services
• Overseeing detection, triage, investigation and response to threats using security tooling (e.g. SIEM, SOAR, EDR/XDR) and acting as the senior escalation point and cyber incident commander where required
• Ensuring incident response plans, playbooks, testing, and post-incident reviews are effective and continuously improved

Identity & Access Management (IAM)

• Leading IAM operations, ensuring secure, compliant access to systems, data and platforms whilst driving improvements in IAM automation, governance, and control effectiveness, ensuring risks are identified, reported and remediated in line with policy

Security Analysis, Assurance & Risk Management

• Leading security analyst services including threat analysis, vulnerability management, investigations, reporting and control assurance
• Ensuring security risks, vulnerabilities and control weaknesses are identified, prioritised, and remediated in partnership with technology teams
• Support risk assessments, change initiatives, and assurance activities while maintaining alignment with risk frameworks, policies, and regulatory requirements

Service Delivery, Performance & Continuous Improvement

• Defining and tracking KPIs, KRIs and SLAs to measure performance, risk reduction and control effectiveness
• Delivering clear, insightful reporting for operational teams, senior stakeholders, audit and regulators
• Driving continuous improvement through automation, tooling optimisation, and process enhancements

Third-Party & Service Management

• Managing relationships and performance of security vendors and managed service providers to ensure third-party services meet contractual, regulatory and security requirements

Operational Resilience & Business Continuity

• Ensuring Security Operations services are resilient and recoverable, supporting the Bank through incidents and disruptions whilst maintaining continuity and disaster recovery plans for critical security services

Stakeholder Management & Governance

• Building effective relationships with the wider Group to successfully and effectively achieve the above outlined responsibilities
• Providing appropriate challenge on risk and control issues and represent Security Operations at IT Security governance forums

We offer a competitive base salary depending on experience from £120,000 - £135,000 and a competitive benefits package including:

• Discretionary annual bonus opportunity of up to 50%
• 30 days annual leave plus bank holidays
• Car allowance of £7,500
• Contributory pension (8% employer 5% employee)
• Life Assurance (4x salary) plus Group Income Protection
• Access to Private Medical Insurance and Medical Cash Plan

Please use this link to see the fantastic benefits available at OSB: OSB Careers 

At OSB Group, we understand how much our people bring to our organisation, which is why we try our best to give back too! Our Purpose is to help our customers, colleagues and communities prosper and we are on a transformation journey to become ‘the bank of the future’.

Our commitment to professional development, flexible working, and employee well-being fosters a dynamic and supportive workplace.

We are looking for talented individuals who have the experience and knowledge set out below:

• Essential experience:

  • Leading a Security Operations function within a complex, regulated or financial services environment managing medium-sized, multi-disciplinary security teams (c.15–25), including analysts, engineers, IAM specialists and team leads
  • Strong operational experience across SOC monitoring, cyber incident response, escalation management and Identity & Access Management
  • Experience delivering security analysis and operational services, including threat and vulnerability management, control monitoring and reporting
  • Strong understanding of risk, audit, compliance and governance requirements within a regulated environment
  • Experience managing third-party security providers, including MSP’s and outsourced services
  • Proven ability to develop and use operational metrics and produce effective management reporting
  • Experience in incident management, root cause analysis and continuous improvement, alongside exposure to operational resilience, business continuity and disaster recovery
  • Strong stakeholder management skills, with the ability to influence and clearly communicate complex security issues

If this sounds like you, please apply now! For internal applications please visit the internal careers page to apply.

Still on the fence? Hear from our team or explore our process: OSB Careers

Shortlisted candidates will go through a personalised recruitment process, that is relevant and conversational. If you need any adjustments or support, we’re here to make sure you can show your best self.

We are proud to be a Disability Confident employer and are committed to creating an inclusive and accessible workplace where everyone can thrive.

We welcome applications from people of all backgrounds and encourage candidates with disabilities and long-term health conditions to apply.

If you meet the minimum criteria for the role and would like to be considered under our Disability Confident Scheme, please indicate this on your application.

Diversity, Equity & Inclusion

Our team value spending time together in the office, typically 3 days a week to support collaboration and connection with colleagues, but we’re happy to have a conversation about what flexibility might look like for you.

Not sure if you meet the spec? Let us decide. Research tells us that those from marginalised groups feel like they need to meet 100% of the criteria to apply. Here at OSB, we are committed to inclusivity and understand the value different experiences and perspectives can bring, so please don’t feel like you need to check every box to apply for a role internally.

We champion diversity at all levels, with Board-level Diversity Champions tracking our progress. We are proud to be signed up to the Women in Finance Charter to actively support the growth and development of senior women in our sector and are dedicated to treating all our employees and job applicants equally, opposed to discrimination on any grounds.