What you will be doing
1. Accountable for setting, agreeing and maintaining the Security Controls & Reporting Functional plan with the Head of Security Assurance & Controls and then organising, managing and motivating the Security Controls & Reporting Team to effectively deliver that plan.
2. Responsible for the Information Security Training and Awareness Programme, so that all employees are aware of the many threats they face and know how to respond appropriately when they do.
3. Lead on defining, gathering, analysing, presenting and disseminating all information necessary to provide a consistent view of the 'state of security' across the UK&I businesses.
4. Ensure the approved cycle of Penetration Testing is carried out and that the plan is communicated to all relevant stakeholders.
5. Accountable for establishing and maintaining the inventory of 'Crown Jewel' data assets and ensuring the controls that should protect them are in place and they are effective.
6. Responsible for agreeing the PCI scope and recertification submission to the acquiring bank and the Annual ISO assessment or re-submission to Ernst & Young.
7. Responsible for Access Approval and Re-certification to the infrastructure, Software and Services requested via the Security Mailbox or ServiceNow queue.
8. Accountable for the Governance, tracking and co-ordination of the Internal and Financial Controls frameworks.
9. Accountable for maintaining a log and tracking Internal Audit and Transversal Information Security and Cyber audit actions.
10. Accountable for the performance management, development, training, cross functional collaboration and succession planning to raise the capability, efficiency and performance of the Security Controls & Reporting Team and wider UK Security Team.
What we can offer you
Bonus Scheme linked to your and the company's performance
Pension scheme with employer contributions as well as your own
35 hour working week
25 days holiday increasing with service plus bank holidays
Interest free season ticket loan scheme
Share Plan Scheme
Flexible benefits scheme
Discount on all Insurance products, including insurance, breakdown cover & healthcare
Who are we looking for?
Degree level qualification or equivalent work experience.
Relevant professional qualifications (e.g. CISSP, CISM, CISA, CRISC, MIISP, QSA, ISA, PCIP) desirable but not essential.
Skills & Knowledge
In depth experience of Security domains, control environments, architectures, logging & monitoring tools, reporting metrics and risk management.
Understanding of the workings of UK General Insurance.
Excellent communication, interpersonal skills and behaviours.
In depth knowledge of one or more sets of business processes, applications or key technologies (e.g. Networks, desktop and mid-range infrastructure, communication technologies) in use within the Company.
Excellent understanding of systems life cycles and project management.
Ability to assimilate information quickly, clearly identify key issues and present information concisely. Ability to develop and maintain a wide network of contacts across the business.
Ability to be self-sufficient and to motivate staff.
Previous business and / or IT security Control & Reporting experience in a large commercial organisation. Extensive experience in an Information Security Controls & Reporting role.