Security & Resilience Principal Consultant

As a Security Consultant, you will be responsible for ensuring that all services and change initiatives within your designated business areas are delivered securely and in full compliance with relevant standards. Operating in a matrix environment, you'll collaborate closely with business, change, and delivery teams-supporting initiatives ranging from minor technology updates to large-scale transformation programmes. Your role will be pivotal in championing the implementation of our Security and Resilience strategies and policies, applying them in a constructive and practical way that empowers colleagues to achieve their business goals.

You will be conducting security risk assessments and providing recommendations on appropriate controls to ensure services and systems operate within risk appetite. Assessing the impact of change initiatives and issuing appropriate security requirements to ensure compliance with security policy and standards and advising on the implementation of security control requirements, ensuring the design and approach of these both achieve the desired security outcome and are operationally viable. Supporting change initiatives in navigating and utilising our central security services, including security monitoring, penetration testing and access management.

You will be responsible to assure that security control requirements are met, in conjunction with our Application Security Testing team, through the project lifecycle. Acting as the initial point of contact for all security and resilience related questions, queries, challenges and escalations for your aligned areas. By building strong relationships with colleagues across multiple areas, you will work collaboratively and proactively to ensure Security & Resilience is effectively embedded in all projects and programmes., Our customer first behaviours put customers and members at the heart of how we work together. They are the set of behaviours that every colleague needs to display, in every role:

• Feel what customers feel - We step into our customers' shoes, using their feedback
• and insights to empathise with them and to understand their needs, so that every
• decision we make starts and finishes with our customers in mind
• Say it straight - We are brave in speaking out and saying what we think - we're honest and direct with good intent, openly sharing diverse perspectives to reach the best conclusions and using language everyone can understand ·
• Push for better - We don't settle for mediocrity, we challenge the status quo, taking responsibility for continuous improvement and personal development ·
• Get it done - We prioritise what will have the greatest impact, we are decisive, and we take accountability for delivering brilliant customer outcomes.

You can strengthen your application by showing how our customer first behaviours resonate with you, and where you may have already demonstrated these.

Do you have experience in NIST standards?, * Have experience in Security Consultancy role, or a related discipline e.g. Security Governance Risk and Control or Operations

• Have a relevant professional qualification (or be working towards certification), such as Security+ / Network+ / CISM / CISSP
• Have a developed understanding of risk and control methodologies and experience of practical risk assessment (ideally but not essentially in a security environment)
• Have knowledge and understanding of relevant industry standards, frameworks and best practice, e.g. ISO / NIST / COBIT / COSO
• Be a resilient and highly motivated self-starter, with demonstratable robust judgement, decision making and creative problem-solving ability
• Be able to understand and assess the security elements of technical designs / solutions and have a proven ability to constructively challenge to deliver better business and security outcomes
• Ability to communicate complex risks / issues to technical and non-technical stakeholders to influence critical business decisions

There are all sorts of employee benefits available at Nationwide, including:

• 25 days holiday, pro rata
• From January 2026, all colleagues will have access to fully funded private medical insurance
• A personal pension - if you put in 7% of your salary, we'll top up by a further 16%
• Access to an annual performance related bonus
• Access to training to help you develop and progress your career
• A great selection of additional benefits through our salary sacrifice scheme
• Life assurance worth 8x your salary
• Wellhub - access to a range of free and paid options for health and wellness
• Up to 2 days of paid volunteering a year

Nationwide is the world's largest building society and it's an exciting time to join us, as we evolve to a new future that sees us accelerate delivery of value to our 16.3 million Members and engage our 18,000 colleagues around new ways of working. We are seeking a Security Consultant to join our Security Consultancy team, part of the wider Security & Resilience function. Our mission is clear: working collaboratively with colleagues across the business, we ensure that services, financial assets, and data remain consistently available and secure. At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected. We are happy to consider flexible working approaches to help you perform at your best., As a mutual, we're owned by our members - those customers who bank, save or have a mortgage with us. We challenge the financial sector status quo. We don't see customers as the engine of our own profit. We share our profits with them and put their needs first. Always there when they need us. Supporting them and their lives. If you're inspired by fairer finances, passionate about making a meaningful impact, and truly care about our customers, you're one of us. At Nationwide, you are challenged to grow and rewarded for doing so. Valued. Recognised. Inspired to be your best. As a community we want our working lives to count. As a team, we celebrate what we achieve. As a standard-setter, we work for the good of customers, communities, and broader society. We are purpose-driven. Uncompromisingly customer. Unstoppably Nationwide.