Aviva provides around 31 million customers worldwide with insurance, savings and investment products. We are the UK’s largest insurer and one of Europe’s leading providers of life and general insurance. We combine strong life insurance, general insurance and asset management businesses under one powerful brand. We are committed to serving our customers well to build a stronger, balanced business, which makes a positive contribution to society, and for which our people are proud to work.
The UK CISO team was built two years ago to develop and lead the security strategy for all UK Markets. The team will be working to the Mandate below within the overall CISO function:
- Accountable for security risk management, dedicated security support, and security assurance
- Responsible for handling security risks and ensuring that security operational requirements are met or exceeded, as well as driving forward the global security strategic integration programmes
- The key interface from a security leadership perspective with the UK CIOs, ensuring adequate budget, resource, and management focus on handling security risks
- The team will act as the control and facilitation point for security related tasks and activities, which are executed in the broader local organisation in order to ensure a reliable end to end chain of responsibility from group to local execution
We are also responsible for driving forward standards of excellence within security and, through discussions with the Group CISO, setting the local strategy and contributing to the group strategy for security.
Purpose of the Role
You will provide dedicated support and security related technical expertise to your respective IT Business Partners within the UK markets to enable the business to deliver safe and secure services to the business and our customers.
Give the business assurance over the security controls within the market and give guidance on remediation where any gaps are identified in their security controls.
You will provide technical and non-technical support to projects and change initiatives where required, ensuring that all security requirements are gathered and implemented.
Duties & Responsibilities
- Work to the UK policies and standards set by the UK CISO team and standard methodology to ensure the security aspects of the UK markets are implemented and handled in an effective and appropriate manner via the dedicated and reactive engagement in Change and BAU initiatives
- Provide security & technical expertise to ensure all UK CISO initiatives, projects and programmes are secure by design and well managed and that a balanced control environment is embedded, ensuring all changes are implemented to BP Controls and IT standards
- Develop positive relationships with all necessary security, IT Platform, Supplier and Business partners to ensure the security risk picture is well understood and led effectively
- Develop firm grasp of local business plans, products and objectives
- Establish and embed appropriate processes to ensure that adequate security assurance is undertaken in relation to the change initiatives
- Analysing and producing MI and insight, establishing root cause, identifying any remedial actions to take and liaising with the relevant team/area to get issues resolved
- Take an active lead in the evangelisation of security concepts and promote secure design across the UK CISO and UK CIO markets
- CISSP and/or CISM
- Acknowledged technical authority with broad experience of security management concepts built up over a number of years in dedicated technical and security operations and / or management roles
- In-depth knowledge of IS governance processes and practices, including ISMS monitoring and control frameworks such as, ISO, ISF and COBIT, their relationships to other frameworks and their application within a financial services environment or other highly regulated industry
- Deep understanding of Secure Development Lifecycles and their application in an agile environment
- Good understanding of security architecture principles and processes
- Good knowledge of IT Operations procedures and standard methodologies. Demonstrates the ability to identify critical data connections and patterns and to conduct in-depth analysis to reach logical conclusions
- Uses some interpretation of guidelines and procedures to deal with exceptions and make straightforward decisions which have minor consequence of error
- Verifies assumptions and information before accepting them, reviews others’ work and provides constructive feedback.
- Communicates in a clear and respectful manner and is able to produce in-depth written material which uses correct grammar, spelling and punctuation
What will you get for this role?
- Competitive salary depending on skills, experience and qualifications
- Generous defined contribution pension scheme
- Annual performance related bonus and pay review
- 29 Days plus bank holidays and the option to buy/sell up to 5 additional days
- Up to 30% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family
- Excellent range of flexible benefits to include a matching share save scheme
Please note that this role’s location is flexible and will require travel to various other locations within the Aviva portfolio.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Bring to Aviva what makes you different and we’ll support you to do the best work of your life. We encourage applications from everyone who wants to help us achieve our purpose of helping our customers to Defy Uncertainty.
One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.
As a disability confident employer, we guarantee to interview anyone with a disability (as defined in the Equality Act 2010) whose application meets the minimum criteria for the post. (By ‘minimum criteria’ we mean that you must provide us with evidence which demonstrates that you generally meet the level of competence required, as well as meeting any of the qualifications, skills or experience defined as essential.)
Please apply through the website and then notify us that you meet the conditions for the guaranteed interview scheme.
We prefer all applications to be submitted online; however, if you require an alternative method of applying, please contact Alex Stumpo in the Resourcing team at firstname.lastname@example.org