As part of a small and well-respected team within our leading financial services organisation, the Information Security Assurance Consultant will have exposure to a wide range of information and cyber security controls and frameworks both within our own business and at our key outsourced service providers. Additionally, you will take the lead on a number of key areas and will have the chance to really make a difference. If you already have a good grounding in information security and/or assurance, this is an ideal opportunity for you to further develop your skills in a supportive and well rewarded environment.
- Contributing to and maintaining the Information Security framework, meeting Phoenix Group Policy and regulatory requirements
- Managing and monitoring performance of security controls, engaging with internal and external stakeholders including strategic outsourced partners
- Providing Information Security advice, support and assistance to the business to ensure compliance with Policies and Standards
- Participating in governance and oversight forums and management committees
- Completing due diligence of new suppliers and technology solutions
- Overseeing IT vulnerability scanning and patching processes to ensure they are operated effectively
- Production of clear management information and reporting for committees and stakeholders.
The Role specifics:
This is a broad information security role and would suit someone who enjoys variety on this subject matter. The bullet points below will highlight the breadth of accountabilities. We are therefore looking for someone who has proven transferable experience in at least three of the five key areas below:
- Planning and executing IS assurance reviews on the performance and effectiveness of information security controls within Phoenix and key outsourced service providers
- Managing our Data Leakage Protection (DLP) processes including review, tracking of issues, escalation and reporting
- Overseeing our penetration test processes; including scoping, selection of suppliers and issue remediation
- Conducting due diligence of new suppliers ensuring information security controls have been properly risk assessed and providing advice to the onboarding team regarding supplier suitability
- Overseeing the IT vulnerability scanning and patching processes to ensure they are operated effectively, identified issues are appropriate considered and remediation applied in appropriate timescales
We are also looking for:
- A broad knowledge of information security risks with a good understanding of the full spectrum of Information Security controls
- The ability to pick up new skills and tasks quickly and effectively
- A well-rounded technical IT knowledge as it relates to information security risks
- The ability to work flexibly and supportively within a small team
- The ability to communicate with and challenge counterparts in outsourcers and other external suppliers
- The ability to describe, communicate and promote information security solutions in a manner that the wider business community can understand
- Good planning and organising skills, with strong knowledge of Microsoft Excel and PowerPoint
- The ability to plan and manage external dependencies
- The ability to define challenging objectives and achieve them
- Candidates will ideally have appropriate security qualifications such as CISSP, CISM or CISA, but it's not essential
In return, you can look forward to a great package, excellent conditions and a superb working environment, plus the chance to make your mark in a rapidly developing FTSE listed company.
N.B. When on the Phoenix Careers site, first time visitors will be asked to register before applying.
Closing date: Midnight, Thursday 18th July 2019.
To apply, simply click the APPLY button.