Aviva’s strategy is ‘Digital First’: transforming our business into a major online financial services organisation that operates with a FinTech mind-set. The aim is to keep Aviva ahead of the market by delivering the greatest value direct to our customers through the provision of exemplary online services.
To drive this transformation:
- Digital business units have been established, starting in the UK and Singapore, to focus on digital/online sales and support direct to customers
- A global Digital CIO organisation has been created to provide Aviva Group business units a consistent set of online services on a ‘build once, use many’ principle
The Digital CISO team are tasked with securing these services wherever they might be deployed. This role encompasses product security architecture to ensure that applications and customer data are secure, that hosting is secure and services are monitored, and that the Digital business units operate in a secure manner and meet all regulatory, legal and Aviva Group security standards.
This role is part of the Service Security & Continuous Improvement team and is primarily focussed on continuous review of service operations and traffic, identifying patterns that might indicate application performance or functional issues or attempted malicious behaviour. This intelligence will be used to continually enhance both the services and their operational security.
This role is at the cutting edge of digital transformation and protection. The successful candidate will:
- Have an opportunity to make a big impact on what will become a significant market-disrupting business
- Learn on the job and develop expertise in a growing field
- Gain understanding of working with web application firewall (WAF) and other application protection technologies
- Work in an exciting start-up, ‘can-do, will-do’ culture
- Need an enquiring mind; you need to have the drive and self-direction to start with a blank sheet of paper, go looking for potential issues and help devise methods to resolve whatever you might find
You will be looking to identify ways to enhance Aviva’s applications to make them more reliable, performant and usable to customers by understanding real-world use of online systems while simultaneously identifying means to enhance the protection of the services from the myriad of threats in a digital world.
Duties & Responsibilities
As a member of a new Service Security & Continuous Improvement team within the Digital CISO function, this role will:
- Hold responsibility for taking newly provisioned feeds of operational data and turning them into actionable intelligence
- Be actively involved in hunting for and investigating abnormal patterns of system and user behaviour
- Monitor web (HTTP) traffic and use host metrics and application logs to provide an overall picture of service status and identify potentially malicious activity
- Be responsible for developing and ensuring implementation of key countermeasures as deemed necessary
- Create and extend operational dashboards and alerts to support:
  - Real-time monitoring and identification of issues
  - Provision of summary information to management teams and for reporting purposes
The team will cooperate with and support the Aviva Global Cyber Security Operations (GSOC) team. This team’s focus is on providing in-depth hunting and advice to GSOC, or investigating unusual patterns of behaviour advised by GSOC. This team is not a 24x7 live service monitoring and incident management team; that is the role of GSOC.
Skills & Experience required
- Good understanding of Internet and web protocols, particularly HTTP and DNS, and client/server interactions and the meaning of numerous formats of system log
- Understanding of information security
- A Levels/BTEC National Diploma in Computer Science or University Degree in Computer Science
- Analytical and inquisitive mind and desire to gain a better understanding of what lies behind what may initially look like ‘nothing more than a blip’
- Self-drive and motivation to investigate proactively without needing instruction or detailed direction
- Experience with analytical tools such as Splunk, Sumo Logic or similar data management tooling
- Good team working and ability to work as a member of multiple virtual teams and within a matrix structure
- Experience of remediating web application vulnerabilities and involvement in application penetration testing
- Understanding of web application firewalls (WAF)
- Understanding of Transport Layer Security (TLS)
What will you get for this role?
- Competitive salary (dependent on skills & experience)
- Generous defined contribution pension scheme
- Annual performance related bonus and pay review
- Minimum holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days
- Up to 30% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family
- Excellent range of flexible benefits to include a matching share save scheme
We’re here to free people from the fear of uncertainty. Our insurance, savings and investment products help some 31 million customers enjoy life today, knowing that tomorrow is covered. And we definitely know how to look after our own people. If you love doing a great job to improve things for customers, you’ll be at home here. Help us build a future to be proud of and get ready to fulfil your potential with Aviva.
‘Bring to Aviva what makes you different and we’ll support you to do the best work of your life. We encourage applications from everyone who wants to help us achieve our purpose of helping our customers to Defy Uncertainty’
One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.
We prefer all applications to be submitted online; however, if you require an alternative method of applying, please contact Jenny Dao in the Resourcing team on firstname.lastname@example.org
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.