Setting the scene
The CISO (Cyber Security) team keeps Aviva safe and secure globally – that’s everywhere we operate the Aviva brand. We enable & protect the business, underpinning the digital agenda using our knowledge and capabilities to move the business forward faster and with confidence. We are committed to providing enhanced security, with ongoing investment to maintain secure and resilient control over our information assets against the new cyber threats in this digital era.
Ultimately, we ensure our employee and customer data is rigorously protected from attack and theft. We also secure what makes Aviva so special: our frameworks and models, which are unique and highly valuable. In short, we need to protect ‘what makes Aviva, Aviva’.
We are now looking to appoint a Security Architect to define and oversee the implementation of our strategic cyber security capabilities and to engage with business and IT change areas across our markets to embed the security architecture, roadmaps and the ‘security by design principles’.
What you will bring:
You’ll be an enthusiastic catalyst for change. You’ll be the kind of person who can be pragmatic, whilst seeing the art of the possible and articulating longer term visions. You already know just how important security and information protection is to businesses and you can often spot the issues or gaps that need plugging before something negative happens. You will be adept at identifying and addressing emerging domain trends and articulating considerations, impacts and future decisions.
You’ll have an analytical mind and will be able to understand complex policies and advise on ways to communicate them effectively and engage our people in the ‘why’. You’ll be able to manage all kinds of stakeholders and be able to turn people around to a new way of thinking, even when they’ve got no desire to change. You’ll be able to build networks quickly and confidently and you’ll become a ‘go to’ person for security architecture topics.
You will also:
- Be educated to degree level (or equivalent), preferably in Technology or Information Security
- Hold a professional qualification in Information Security, e.g. Certified Information Systems Security Professional (CISSP) or similar, and/or a professional qualification in Architecture Development methods (e.g. TOGAF)
- Have demonstrable, well-grounded experience in an information security field, including key technologies and use of key Information Security Frameworks (e.g. ISF, NIST, ISO)
- Have experience of operating in a home team, and in virtual teams aligned to Domains and Projects
What you’ll do
- Take ownership of one or more of the Security Architecture Domains (see below), creating and maintaining domain assets such as Requirements, Landscapes, Principles, Visions, Target Architectures, Standards, and Roadmaps for each
- Liaise with Project Managers and Solutions Architects/Designers to set projects up for success at the start, ensuring strategic value is delivered and tactical effort/spend is minimised
- Facilitate workshops with Technical and Business stakeholders to provide direction or drive issue resolution - providing analysis, distilling down to key decisions, and capturing next steps or plan for issue resolution
- Perform strategic design reviews at key points of the project lifecycle to identify any risks or capability gaps that need addressing
- Perform architecture governance using CISO and Group Architecture governance processes and board structures
- Provide ad-hoc reports, viewpoints and white papers to respond to management questions, project issues etc
- Engage, lead and direct activity with and through resources in other areas/teams (e.g. Group and Market CISO, Group and Market IT and Businesses)
- Through roadmap creation, be responsible for the planning and optimisation of complex projects / programmes, typically with a 1-2-year timeframe, that will impact multiple markets
The Security Domains include:
- Information Protection: data discovery, labelling & classification, data monitoring & data loss prevention, rights management
- Security Management Services: security monitoring, event correlation and user behaviour analytics, vulnerability management, risk management, and threat intelligence
- Application & Database Security: SDLC tooling incl. code scanning solutions, database firewall & activity monitoring, application secrets management
- Identity & Access Management: RBAC, recertification, federation, key & certificate management, conditional and posture-based access, MFA incl. biometric, privileged access management
- Infrastructure Protection: signature and advanced anti-malware, endpoint lockdown, network security incl. gateways and IDS/IPS, infrastructure patching, build and patch compliance
If this sounds like the role for you we would love to hear from you. Please feel free to get in touch if you have any questions. Here at Aviva, we will offer you all the support you need to be successful and build a strong and positive career.
What will you get for this role?
- Salary from £60,000.00 to £70,000.00 depending on skills, experience and qualifications
- Generous defined contribution pension scheme
- Annual performance related bonus and pay review
- Minimum holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days
- Up to 30% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family
- Excellent range of flexible benefits to include a matching share save scheme
Bring to Aviva what makes you different and we’ll support you to do the best work of your life. We encourage applications from everyone who wants to help us achieve our purpose of helping our customers to Defy Uncertainty.
One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.
As a disability confident employer, we guarantee to interview anyone with a disability (as defined in the Equality Act 2010) whose application meets the minimum criteria for the post. (By ‘minimum criteria’ we mean that you must provide us with evidence which demonstrates that you generally meet the level of competence required, as well as meeting any of the qualifications, skills or experience defined as essential.) Please apply through the website and then notify us that you meet the conditions for the guaranteed interview scheme.
We prefer all applications to be submitted online, however if you require an alternative method of applying please contact Alex Stumpo in the Resourcing team at