The UK banking and financial services sector operates in one of the most highly regulated and risk-intensive environments in the world. From established high-street banks and building societies to digital-first challengers, financial institutions must protect vast amounts of customer data, maintain operational resilience, and meet strict regulatory expectations. Cybersecurity leadership plays a central role in enabling trust, stability, and innovation across the sector. The following CISOs and security leaders are recognised for their experience and responsibility within some of the UK’s most prominent banking and financial services organisations.
Matt Rowe — Chief Security Officer, Lloyds Banking Group
Matt Rowe is Chief Security Officer at Lloyds Banking Group, a role he has held since July 2022. He is responsible for security leadership within one of the UK’s largest banking groups. Alongside this role, Matt serves as a Board Member of the Cyber Defence Alliance and became a Member of the Board of Directors at FS-ISAC in December 2025.
Prior to Lloyds, Matt spent nearly eight years at Nationwide Building Society, where he progressed through senior security leadership roles including Head of Cyber Security, Director of Security (CISO), and Chief Security & Resilience Officer. Earlier in his career, he held senior information security roles at the Bank of England and served as a Senior Investigator within the UK Government. His experience spans banking, public sector, and industry collaboration.
Kevin Fielder — Chief Information Security Officer, NatWest Boxed
Kevin Fielder is CISO at NatWest Boxed, accountable for all aspects of information and cyber security across the organisation. His remit includes NatWest Boxed’s banking-as-a-service platform for large enterprises and Mettle, the digital banking application for small businesses. His responsibilities also cover regulatory compliance, security culture, secure use of AI technologies, and colleague and client technology services.
Kevin has built and led security teams across a range of organisations and is focused on embedding security and resilience into business operations. In addition to his executive role, he serves as a non-executive director and board advisor to multiple startups, supporting their growth with a focus on security and resilience.
Thomas Harvey — Chief Information Security Officer, Santander UK
Thomas Harvey is CISO at Santander UK, where he leads the organisation’s cybersecurity strategy and fraud prevention efforts. His role focuses on protecting customers, data, and systems across the bank.
Thomas is an international cybersecurity executive with over 20 years of experience spanning national security, critical infrastructure, and financial services. His background includes leading large-scale security programmes and responding to high-impact cyber threats. He has also acted as an advisor to boards and governments, bringing experience from both public and private sector environments.
David Boda — Chief Security and Resilience Officer, Nationwide Building Society
David Boda is Chief Security and Resilience Officer at Nationwide Building Society, a position he has held since January 2023. He has worked in cybersecurity across public and private sectors for approximately two decades.
Before joining Nationwide, David was Chief Information Security Officer at Camelot for nearly eight years. Earlier in his career, he served as Head of Cyber Security at the Foreign and Commonwealth Office within HM Diplomatic Service. He has also held board-level roles supporting regional cyber resilience initiatives.
Santi de Pedro Olabarri — Chief Information Security Officer, TSB Bank
Santi de Pedro Olabarri is CISO at TSB Bank. In this role, he is responsible for driving cyber resilience, managing risk, and enabling secure business growth within the organisation. His position focuses on aligning cybersecurity with TSB’s business objectives while maintaining a strong risk management posture.
Samaroha Das — Chief Information Security and Resilience Officer, Metro Bank (UK)
Samaroha Das is Chief Information Security and Resilience Officer at Metro Bank in the UK. He is a senior IT and information security GRC leader within the banking sector and holds multiple professional certifications including CISA, CRISC, PMP, and ORM (PRMIA).
His experience includes engaging with senior executive stakeholders and supporting regulatory compliance requirements. He has also led IT audit engagements focused on identifying, assessing, and reporting technology-related business risks within financial services organisations.
Mike Bray — Chief Information Security Officer, Monzo Bank
Mike Bray has been Chief Information Security Officer at Monzo Bank since October 2020. Based in London, he leads information security for one of the UK’s leading digital banks.
Prior to Monzo, Mike operated MB Security & Risk Consultancy and held senior security roles across financial services, insurance, and regulatory organisations. His background includes contract and leadership roles at Bupa, Willis Towers Watson, the Financial Conduct Authority, and LV= Insurance. Earlier in his career, he worked as a security consultant with organisations including Atos, Spark New Zealand, LogicaCMG, and BT Group.
Securing the Future of UK Banking
Cybersecurity leadership in UK banking requires deep sector knowledge, regulatory awareness, and the ability to manage risk at scale. The CISOs featured in this list bring extensive experience across retail banking, digital banking, building societies, and financial services regulation. Their roles highlight how information security and resilience remain fundamental to maintaining customer trust, operational stability, and the long-term integrity of the UK financial system.