Allow us to introduce ourselves - our purpose is to create a cyber-secure organisation so that our people and customers are kept safe, sound and secure for generations to come. We’re managing cyber risk today and investing for the future, through intelligent protection, detection, response, recovery and resilience.
Check out the teams that make this happen and see where you might fit in!
Cyber Identity & Protection Management
At the heart of Cyber is the Identity & Protection Management team - proactively designing, metricising, governing and reporting on Group cyber security controls to ensure that we have secure networks, applications, and systems. We’re continuously training our people to protect against cyber-attacks and transparently report on our status and incrementally drive improvement.
The control domains of the Cyber Identity & Protection Management team include Network security, Identity Lifecycle Management, End User Protection, Data Protection and Access monitoring.
Cyber Defence Operations
As our first and last line of defence, this team is responsible for detecting and responding to cyber-attacks against our systems and cybercrime against our customers. This is underpinned by a detection engineering function in addition to performing real-world red, purple and OSINT (open source intelligence) team testing to continuously improve our detective capability.
We also focus on providing cyber-attack and vulnerability assessments against Group assets to help reduce our attackable surface, in turn supporting the Group meeting its cyber regulatory and compliance requirements. Through the integration of these activities, the team aims to improve operational effectiveness and identify and escalate opportunities to uplift the Group’s security posture.
Cyber Resilience & Recovery
The Cyber Resilience and Recovery team enables Cyber Security to be increasingly intel-driven. They’re informed about the changes in the threat environment including cyber-attacks against our supplier and partner ecosystem. Our team’s functions include cyber recovery planning, data breach and third party incident response to support the Group’s Cyber Security posture and maintain a standout reputation across the Group and market.
We’re responsible for scanning the external environment for threats to the Group, working closely with partners in industry and government to ensure there’s proactive management of cyber risks and appropriate cyber recovery measures in place.
Cyber Delivery & Transformation
The Cyber Delivery and Transformation team focuses on the prioritisation, design, planning, and execution of change programs at high velocity leveraging best practice and implementation disciplines across the Group. The key focus is to uplift controls and implement best of breed technology to enhance our cyber risk profile.
We work closely with all teams across Technology and the businesses to interlock and sequence core foundational cyber technology change Group-wide. The discipline of embedding technology, uplift controls, and simplifying processes end-to-end for sustainability and future-proofing is at the core of our approach to strengthen the security of the Group’s cyber platform for our businesses and customers.