Information Security Assurance Consultant

Job Description

    • Halifax
  • We are an agile team of tech experts, game-changers and creative-thinkers, changing the future of insurance forever and making a real difference in people’s lives. We are using human-centred technology to make insurance more personal, relevant and predictive to the way that people live today. We are setting the pace of change for our industry, and we do this by always asking what’s next, by never being satisfied with the status quo, and by breaking barriers together.


    We are a team of individuals with a shared passion for solving problems, a hunger to learn, a super positive attitude and a burning desire to make a difference in the world. We’re a diverse group of curious, creative-thinkers of any and all kinds who know that true innovation only comes from working together with an open mind. We start with people first, bringing together data, the latest technology, the most innovative processes and the brightest brains to create ground-breaking ideas that will have the biggest impact on people’s lives. We build, test, learn, pivot and fail fast to bring the best ideas to life. And when we’ve got a great idea, we will throw everything we’ve got at it to make it a success.


    Unlike other insurance companies who step in only when things go wrong, we are developing technologies that will help our customers stop the worst from happening by integrating seamlessly into the lives of their consumers.


    What would you be responsible for in this role?

    • Collaborate with stakeholders to identify, assess and treat internal and third-party information risks, tracking the risks and the associated controls.

    • Manage, develop, and maintain the information risk register, information asset register, and support continuous improvement and maturation of information security risk management processes

    • Manage and mentor Lead Information Security and Risk Analysts

    • Provide advisory support to business function and IT teams in understanding risk and security considerations of business operations, new projects, and third party suppliers.

    • Ensure that the security requirements for new and change business projects are defined, based on the assessment of risk within the framework provided by Group Policy

    • Assist IT teams in defining and executing action plans to implement controls

    • Monitor compliance with the agreed controls on a regular basis

    • Contribute to the definition and maintenance of a practical and comprehensive Risk Assessment methodology, with supporting tools where appropriate

    • Control and manage assurance monitoring and tracking, including the retention of adequate records.

    • Schedule information risk and compliance audits, review the outcomes of the audit process, and direct compliance issues to appropriate resources for investigation and resolution

    • Ensure IT and Information Security risks are captured and articulated and that appropriate controls assurance, compliance and reporting activities are conducted to enable effective identification and management of related issues and exceptions

    • Ensure reviews of IT and information risk controls are undertaken, oversee related remedial activities and make recommendations to management in order to make IT and information security controls more robust


    What would we like to see in you?


    We’re looking for an experienced Information Security and Risk professional with experience in the following areas: Information Security, IT Audit, supplier security assessments, working within a control framework. They will have strong knowledge of Risk Management Frameworks and excellent communication skills.

    • Risk Management Framework experience (IRAM, CRAM etc.)

    • Experience of Policy and Standards writing and management

    • Knowledge of security related products, Information Security Management Systems and security / risk strategies

    • Proven information security and cloud based systems risk management experience.

    • Experience of security controls both within cloud environments and on premise.

    • Experience in the following areas: Information Security, IT Audit, supplier security assessments, working within a control framework

    • Strong knowledge of ISO series of standards, PCI DSS and GDPR

    • Knowledge of Cybersecurity Frameworks such as CIS Critical Security Controls, OWASP, Cloud Security Alliance etc.

    • Good knowledge and understanding of software development lifecycle and its implications on BAU service.

    • Have excellent relationship management skills and be able to influence business and IT stakeholders.

    • Ability to learn quickly and apply risk/control considerations, whilst being mindful of business process impact.