CISO Security Specialist

aviva
Flexible, UK Other
POSTED ON 3/24/2022 CLOSED ON 9/28/2022

What are the responsibilities and job description for the CISO Security Specialist position at aviva?

An excellent opportunity has arisen in the Security Advisory Team within CISO (UK/Shared Services) for an experienced Cyber/Information Security practitioner. The role resides in the team that provides bespoke security consultancy and risk assessment services to markets, functions and major programmes.

The focus of the role will be to provide specialist advice and guidance on a variety of information and cyber security matters, as well as performing risk assessments and security design reviews as part of projects, ensuring alignment to Cyber Policy, industry best practice and compliance with the Aviva Business Protection Standard (BPS). The advisor will be required to represent the CISO function in different forums.

To reduce the risk of change activity (IT and Cyber initiatives) to Aviva, the successful candidate will provide security consultancy advice and guidance, security review of solution designs including recommendations, and advice and guidance to promote secure by design, and will carry out Information Security Risk Assessments (ISRA) to better manage Aviva risks against reputational damage, system outage and data loss potentially leading to regulatory fines, as data security becomes a greater focus across the globe.

The team is made up of professional people who are passionate about providing a top-class service and protecting Aviva, whilst also supporting each other. This is accomplished through knowledge sharing and maintaining an enjoyable working environment.

The role will require someone with in-depth technical knowledge who can collaborate well with colleagues across multiple disciplines, as the team works with technical and operational teams across the business to ensure change activity meets Aviva’s security requirements whilst adopting the necessary security controls.

Duties & Responsibilities:

  • Project/Change Triage: Initial assessment of the change activity to trigger level of Security Advisory Engagement and understanding of inherent threat to Aviva.
  • Identifying security issues in technical designs.
  • Threat Modelling: Scenario-based identification of related threats according to threat landscape affecting change activity.
  • Control Effectiveness: Assessment of BPS control strength to reduce the impact of a threat.
  • Vulnerability Assessment: Scenario-based assessment of existing controls' effectiveness.
  • Provide guidance on Aviva security processes such as penetration testing and business impact assessment.
  • Deliver consultancy on the Aviva security governance processes (e.g. security fundamentals, TPISA processes etc.).
  • Producing management information reports and creating / presenting security awareness training.
  • Promoting good security practice with our partners and third parties.
  • Providing cyber security input to projects.
  • Timely and accurate management of findings, ensuring risks have relevant owners, remediation plans or risk acceptances.
  • Creation of materials to articulate risks with clear risk treatment options and recommendations, for business use.

Skills & Experience required:

  • Communicates in a clear and respectful manner and can produce in-depth written material that distils complex technical / security topics into plain English.
  • Manage a variety of stakeholders (internal and external, IT and non-IT) and projects simultaneously.
  • Ability to influence and apply pragmatism.
  • Risk Assessment methods and frameworks (IRAM2, OCTAVE, NIST, ISO 27005 etc.).
  • Information Security Management System frameworks and standards and their application.
  • Knowledge of governance processes and practices, including ISMS monitoring and control management frameworks such as ISO, ISF and COBIT, their relationships to other frameworks and the application within a financial services environment.
  • Compliance frameworks relevant to financial services including SOX, PCI DSS, SSAE16, etc.
  • Good working knowledge of one or more security technologies and domains, including, but not limited to, network security, cyber security, data security, identity and access management, application security & cloud security.
  • Experience in advising on or developing security architectures and designs for one or more security technology domains.
  • Experience working in security advisory roles with multiple stakeholders across IT and business functions, preferably in a regulated industry such as FS.
  • Experience and working knowledge of security testing and assurance solutions and systems would be advantageous.
  • Security technologies (firewalls, WAFs, DLP, cryptography, vulnerability scanning, identity and access management, etc.).
  • Experience in designing security in Cloud environments.
  • Exposure in designing security architecture for on-prem to cloud migrations.
  • Understanding of hardening techniques for networks, servers, applications, dockers using appropriate tools such as CIS Benchmarks.
  • Working knowledge of Secure Development Lifecycles and their application in an agile environment.
  • Industry certification such as CISSP, CISM, CRISC, Member of CIISEC would be advantageous.
  • Degree in Computer Science, IT, Information Security, or equivalent experience would be desirable.

What will you get for this role?

  • Salary of circa £50,000 depending on skills, experience, qualifications & location.
  • Generous defined contribution pension scheme.
  • Annual performance related bonus and pay review.
  • Holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days.
  • Up to 40% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family. (Some exclusions apply)
  • Excellent range of flexible benefits to include a matching share save scheme.

Working at Aviva

At Aviva, we’re people with a purpose. To be with you today, for a better tomorrow. We bring this to life by ensuring managing risk is at the heart of the way we all work. We love people who do the right thing for our customers, and our colleagues. We want people who speak up, who take responsibility, and who make good decisions.

The way we do this is important too. We’re all about our people – that’s you – so we can be pretty flexible. If you want to work from home some of the time or change your hours so you can pick up your kids or care for someone in your family, we’re very open to that. In fact, we don’t advertise roles as either part or full time, because we know each person has different needs, just as each business area has different needs. So, it’s up to you to discuss working hours during your interview.

We care deeply about being inclusive and that means we encourage applications from people with diverse backgrounds and experiences. We want our employees to bring their whole self to work and that starts with you.

We interview every disabled applicant* that meets the minimum criteria for the job. Once you’ve applied, please send us a separate email stating that you have a disclosed disability, and we’ll make sure we interview you.

We’d love it if you could submit your application online. If you require an alternative method of applying, please give Alice Neal a call on 07393469953 or send an email to alice.neal@aviva.com.

*As defined in The Equality Act 2010. By ‘minimum criteria’ we mean you should provide us with evidence which demonstrates that you generally meet the level of competence required and have the qualifications, skills or experience defined as essential to perform the role.

This job has expired.