Aviva’s strategy is ‘Digital First’: transforming our business into a major online financial services organisation operating with a FinTech mind-set, keeping Aviva ahead of the market by delivering the greatest value direct to our customers through exemplary online services.
To drive this transformation:
- Digital business units are being established, starting in the UK and Singapore, to focus on digital/online sales and support direct to customers
- A global Digital CIO organisation has been created to provide Aviva Group business units a consistent set of online services on a ‘build once, use many’ principle
The Digital CISO team is tasked with securing these services wherever they might be deployed and with securing Aviva’s global perimeter. This role encompasses product security architecture to ensure that applications and customer data are secure, that hosting is secure and services are monitored, and that the Digital business units operate in a secure manner and meet all regulatory, legal and Aviva Group security standards.
This role is part of the Global Digital Market Security Team and is focused on driving secure web application design and operation and ensuring these standards are applied universally.
This role is at the cutting edge of digital transformation and protection and is responsible for developing secure application design and coding practices and for ensuring the security of the digital cloud hosting platform:
- Define and develop approaches to enhance the security of Digital CIO products by incorporating the most appropriate best practices and architecture to support Aviva’s digital vision
- Assist in the bigger picture of defining and delivering Aviva’s Global Digital CIO security strategy, policy & standards so customer and Group data managed by Digital services is protected from theft and misuse. This will align closely with the Group CISO security strategy
- Define and develop approaches for enhancing the intelligence and adaptive behaviour of Digital CIO applications. This is critical for improving the way applications respond to cyber threats. For example, applications that can consume intelligence information and adapt their behaviour appropriately
- To identify and extend the Group’s abilities to detect and prevent fraud by continually reviewing new technologies and methods and introducing them to the Group’s digital systems
- Act as a hub coordinating with Digital CIO, CTO and Group Security Consultancy, Architecture & Design to ensure Digital CIO technology selection and patterns, and Group CISO security strategy and technologies are incorporated into Digital CIO products
- To act as Product Manager for all security aspects of Digital CIO products
- To set the standards for web application and perimeter security and ensure these are deployed universally on all Internet-facing services, no matter where operated, including both Digital CIO and market-specific services
Duties & Responsibilities
- Defining the architecture required in a digital world to support Aviva’s vision to become a leading FinTech
- How to digitise the traditional paper-based services to be available online
- How best to protect customer data to support this strategy
- Considering customer experience as well as technical controls, e.g. leadership in work such as reuniting customers with ‘lost’ policies, e.g. secure but accessible registration for products containing sensitive personal data, even when product details may be lost
- Defining policy for the use of different technologies such as the use of 2FA to protect our customers’ data while ensuring the customer experience is enhanced
- Define and evangelise the adoption of Adaptive Applications
- Develop techniques for detecting and preventing fraud
- Identify key areas of risk for applications, from credential stuffers to all OWASP and SANS threats, and DDoS protection
- Define how Adaptive Applications should work using the data at Aviva’s disposal working closely with the Digital Security Services Manager
- Define future direction for security technology to be used by all Digital CIO services and Aviva Internet services:
- To continually evolve Aviva’s security technology stack, evaluating and bringing in new technologies in conjunction with Digital CIO CTO and Group Security Consultancy, Architecture & Design as appropriate, so as to enhance Aviva’s security posture
- To look ahead and review new technologies and methods for customer verification, identification and authentication to ensure Aviva’s services remain current and ahead of the competition
- To identify and extend the Group’s abilities to detect and prevent fraud by continually reviewing new technologies and methods and introducing them to the Group’s digital systems, along with recommendations for implementing new in-house technologies building on our own data, “making our applications smarter”
- To continually appraise the security posture of Aviva’s online service and look ahead at emerging threats and mitigation trends to steer Aviva’s security to counter such threats as and before they emerge
Skills & Experience required
- University Degree in technology/Diploma in Management/MBA/appropriate technical qualification
- Excellent understanding of information security
- Thorough understanding of cloud technologies and how to leverage the cloud to enhance Aviva’s security posture
- Experience of operating at senior management level
- Leadership skills – able to inspire, energise and motivate people around our vision, values and objectives
- Technology Visionary
- Understanding of Aviva’s global footprint and distribution channels
- Ability to think long-term strategically as well as operationally
- Heightened relationship management skills at all levels
- Ability to anticipate future trends and needs as well as managing current environment
Nice to have
- Experience in C#, Java or other language application development
- Experience working in a regulated business
- Understanding of infrastructure security concepts including firewalls, IDS/IPS and network zoning
- Understanding of IP network addressing, load balancing and high availability applications and infrastructure
What will you get for this role?
- Competitive salary depending on skills, experience and qualifications
- Generous defined contribution pension scheme
- Annual performance related bonus and pay review
- Minimum holiday allowance of 25 days plus bank holidays and the option to buy/sell up to 5 additional days
- Up to 30% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family
- Excellent range of flexible benefits to include a matching share save scheme
Bring to Aviva what makes you different and we’ll support you to do the best work of your life. We encourage applications from everyone who wants to help us achieve our purpose of helping our customers to Defy Uncertainty.
One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.
As a disability confident employer we guarantee to interview anyone with a disability (as defined in the Equality Act 2010) whose application meets the minimum criteria for the post. (By ‘minimum criteria’ we mean that you must provide us with evidence which demonstrates that you generally meet the level of competence required, as well as meeting any of the qualifications, skills or experience defined as essential.) Please apply through the website and then notify us that you meet the conditions for the guaranteed interview scheme.
We prefer all applications to be submitted online. However, if you require an alternative method of applying, please contact Vicky Gianre in the Resourcing team on 0117 928 4420.