- Entry level
- No Education
- Salary £40,000.00 - £50,000.00 gross per year
Purpose of the Role:
The role will primarily be responsible for delivering proactive 'security by design' as a technical security SME, overseeing and/or supporting the business in identifying appropriate security solutions and ensuring alignment to security policies, standards and minimum controls (and, where applicable, industry standards at a technical level, e.g. CIS benchmarks) so that the business operates within its agreed risk appetites for information security, data and cyber.
The role holder will be expected to proactively identify, assess and address areas of risk and potential business and customer impact, aligning processes and controls to the Information and Cyber Security framework and internal security management system, group risk and audit objectives, and overall business security strategy. The role holder will be expected to understand areas of concern and in conjunction with business stakeholders, provide advice and recommendations and support resolution or mitigation as required.
On occasion, the role holder may also be required to carry out independent assessments and/or assurance reviews, and will also provide SME support for incident response.
The role holder will be required to:
- Perform security risk and control assessments (all security domains, with particular focus on technical / IT security) of IT change projects, suppliers (new or existing) and/or processes (in relation to applications, infrastructure and services); report findings, advise on policy and standards requirements (new or revised), and track and co-ordinate corrective actions.
- Work with change teams, suppliers and vendors as required to define, agree and implement end-to-end security control solutions, requirements and configurations appropriate to Ardonagh Group Policies and Standards and to external regulatory and legislative obligations (PII, PCI, etc.).
- Proactively support the ongoing development and maintenance of robust security controls and processes for the organisation, contributing to, or consulting on, the relevant documentation in order to embed these within IT.
- Promote and maintain functional synergies and alignment in approaches across group-wide teams, and engage with other related functions and stakeholders where required, e.g. Risk & Compliance, Internal Audit, Legal/Data teams.
- Through provision of technical security subject matter expertise, support investigations, audit actions, breaches, incident response and recovery activities as required; assess outcomes and root causes and translate them into learnings and/or process and control improvements for the organisation.
- Develop and maintain a set of standard security tests to identify weaknesses in the security controls of any internally hosted/managed application or website, including the planning and delivery of in-house penetration testing. In addition, co-ordinate and manage externally delivered penetration testing (perimeter, etc.) as required.
- Provide regular management information, as required, on the overall status of Information Security and Cyber within the business.
- Proactively support the Group CISO in maintaining up-to-date industry views on the threat environment and on new products and services.
- Undertake activities as required to help promote the importance of information and cyber security to the wider business, including providing SME input to education and awareness activities.
Key Role Accountabilities:
- Security design and architecture advice
- Project/Change Risk Assessment
- Supplier Risk Assessment
- Penetration testing
- Controls Assurance and oversight
- Breach and Incident management SME support
- Security Policy, Standards and Controls development and advice
- Industry updates
- Threat Intelligence
- Management Information contributions, as relevant to role
Essential Criteria - Must be clearly demonstrated on CV
- Expert, up-to-date knowledge of information/cyber security protective tooling and technical security controls; expert knowledge of industry frameworks and their application (NIST, CIS, ISF, ISO); cloud security, network security, infrastructure security, email security, endpoint security, and identity and access management
- Practical hands-on operational experience in a similar role and/or in penetration testing, controls testing, security engineering, cloud security, secure SDLC and data security
- Strong knowledge of undertaking risk and control assessments and aligning to security strategy, policies and standards, plus understanding of best practices and industry frameworks in information and cyber security risk management.
- Strong technical knowledge of IT infrastructure, applications, and various security related technologies.
- Professional certification such as CISSP, CCSP or other equivalent qualifications or degree. (Note: long-term hands-on experience in a similar role will also be considered in lieu of qualifications.)
- Knowledge of DPA / GDPR requirements and PCI-DSS
- Good organisational and time management skills with the ability to adapt quickly to changing priorities.
- Good customer focus and recognition of the importance in IT providing a service to the business.
- Strong communication and interpersonal skills; the ability to communicate at all levels.
- Strong documentation and analytical skills with keen attention to detail.
- Ability to work well both within a team and individually.
- Experience of working in a complex, federated and/or multi-vendor environment.
- Financial services experience.
- CISSP, CCSP and/or other technical security qualifications preferred
- Relevant degree qualifications an advantage, e.g. Computer Science, Digital Forensics
- ITIL Certification (Foundation)
Please apply online - no agencies