Business Unit: Chief Operating Office
Salary Range: £40,800 - £51,000 per annum DOE+ benefits
Location: UK Hybrid – Glasgow or Gosforth.
Contract Type: Permanent
Our Team
Our mission is to safeguard Virgin Money by proactively identifying, analysing, and highlighting vulnerabilities and misconfigurations across our estate, shining a light on hidden risks before they can impact our customers or operations. We deliver clear, actionable, and intelligence‑led reporting that empowers teams to remediate effectively, strengthens security controls, and ensures we stay ahead of evolving threats. Through continuous monitoring, transparent communication, and data‑driven insight, we enable the organisation to make confident security decisions and maintain a resilient, secure environment.
What you’ll be doing
* Operating, administering, and maintaining the organisation’s vulnerability and exposure scanning tools (e.g. Qualys, Darktrace Defender).
* Identifying, analysing, and assessing vulnerabilities and misconfigurations across infrastructure, applications, assets, and code whilst categorising and prioritising vulnerabilities based on severity, business impact, and criticality.
* Continually monitoring vulnerability data, threat intelligence, and scanning outputs to detect emerging risks.
* Proactively recording, managing, and escalating risks and produce clear, actionable vulnerability reports for technical and business stakeholders
* Participating in continuous improvements programmes across scanning, reporting, dashboards, processes, and tooling to enhance processes, reduce risk, and ensure we perform more efficiently by improving our security posture.
* Supporting automation initiatives that enhance efficiency and reduce manual effort
* Sharing your knowledge and experience as an industry recognised SME with analysts, team members and stakeholders to uplift capability.
* Regularly contributing to and improving on existing Management Information reporting processes
We need you to have
* Hands‑on, specialist level experience with Qualys vulnerability scanning tool, including basic & advanced modules, configuration, asset management, interpreting scan outputs and the ability to tune scan profiles and targets to ensure complete and reliable scan coverage across the modules.
* Advanced specialist knowledge of vulnerabilities identified against infrastructure, web applications or code, how to apply this knowledge to vulnerability scoring and risk frameworks (CVSS, NIST) and have a proven ability to communicate vulnerabilities and risk in plain language to stakeholders, including escalations for critical or high‑risk findings.
* A track record of strong collaboration skills with Platform & Technology Owners, Application Teams, Security Champions, and project teams to plan remediation with a keen focus on tracking outcomes against progress and ensuring teams understand required actions and timelines
* Experience of common OS platforms (Windows Server & Desktop or RHEL) and 3rd party software dependencies, with an understanding of enterprise level patching processes, automation options and the ability to validate findings and provide accurate risk & environmental context.
* Understanding of patching cycles, route to live, secure configuration, and system hardening to industry standards (CIS, STIG, DISA, NIST) ensuring policy compliance and benchmarked builds.
* Ability to identify improvements (scanning, reporting, dashboards, workflows and tooling) and have a strong curiosity about emerging vulnerabilities, threat intelligence sources, exploit trends, and industry developments.
It’s a bonus if you have but not essential
* Knowledge of Cloud infrastructure (AWS, AZURE).
* Recognized industry related security qualification (e.g. CISM, CISSP) or equivalent practical security experience
* Knowledge of IT framework (e.g. ITIL, COBIT)
Red Hot Rewards
* 25 days holiday per year, increasing over time to 30. Plus, an option to buy more, giving you even more choice.
* Private medical insurance
* A highly competitive pension to help you build a strong foundation for retirement
* Access to an annual performance‑related bonus
* Training and development to help you progress your career
* A great selection of additional benefits through our flexible benefits scheme
* Life assurance to provide peace of mind for you and your loved ones
* Up to 2 days of paid volunteering a year
Say hello to Virgin Money
Virgin Money is so much more than just a bank. As part of the Nationwide group, together we're the UK's first full‑service mutual bank serving millions of retail and business customers and all driven by our purpose; Banking but fairer, more rewarding and for the good of society. With us, you’ll be part of an organisation uniquely positioned to make a difference to the lives of customers, communities and broader society and embark on a collaborative, customer obsessed, and fun‑filled career journey. Embrace the weekdays, enjoy fantastic perks, and make a meaningful positive difference. Time to discover what it means to be part of the first mutual full‑service banking provider.
Be yourself at Virgin Money
At Virgin Money, we celebrate everyone. We have fun, think big, and relentlessly include each other, all in pursuit of our purpose: Banking – but fairer, more rewarding, and for the good of society. We’re committed to creating an inclusive culture where colleagues feel safe and inspired to contribute, speak up and be heard.
As a Disability Confident Leader, we're committed to removing any obstacles to inclusion. If you need any reasonable adjustments or support making your application, contact our Talent Acquisition team at careers@virginmoney.com
Please note: If we receive a high volume of eligible applications, we may need to prioritise candidates whose skills and experience most closely align with the role, while still ensuring fair and equitable consideration for all applicants.
Now the legal bit
We’re in the process of bringing Virgin Money and Nationwide together which, subject to Court approval, will happen on 2 April 2026. You can find out more at https://uk.virginmoney.com/nationwide-transfer. If you’re successful in securing a role with us, your employment will move automatically to Nationwide when this transfer goes ahead.
Although some of our roles allow you to be based anywhere in the UK, we'll need you to confirm you have the right to work in the UK.
If you're successful in securing a role with us, there are some checks you need to complete before starting. These include credit and criminal record checks and three years' worth of satisfactory references. If the role is part of the Senior Manager Regime and Certification Regime, it requires enhanced pre‑employment checks – we’ll ask for six years of regulatory references, and once in the role, you'll be subject to periodic employment checks.
#J-18808-Ljbffr