Role: Platform Security Specialist
Location: York & Eastleigh
Salary: Circa £30,000 to £60,000 + very competitive benefits package
Exciting opportunity for an experienced information security professional to progress their career within an exciting, dynamic and rewarding environment, working for a client of mine who is a global player in the insurance sector.
The team lead on:
- Bringing together and driving solutions for the GI Business and Operations.
- Driving platform stability, integrity and security for their customers through robust operational discipline.
- Ensuring that platform change and engagement is simple, fast and cost-effective by building world-class engineering capability, enabling us to Defy Uncertainty for our customers at pace.
- Ensuring that the platforms remain highly competitive and cost optimised by driving simplification in all aspects, strong partnerships and a culture of innovation and agile working.
- Key systems owned and managed by this area include Exceed, Appian, Blue Prism, Image, Exstream and Guidewire.
- Provide dedicated support and security related technical expertise to enable platform leads to deliver safe and secure platform services to our business and its customers.
- Ensure IT Platforms develop, build and operate secure applications and install secure IT and business infrastructure.
- IT Platforms in achieving its objectives and to mitigate any risks through the adoption of industry best practice via policy, effective risk management, assurance and training.
- Articulate and drive clear and unambiguous security technical solutions in response to ever-changing threats, both with the run and change aspects of the platform area.
- Bridge and unite the Platform and CISO organisations.
Key aspects of the role:
- Enabling the platform lead to securely own technical assets on behalf of CIO and ensuring their long-term integrity.
- Engage with key stakeholders to actively support and coordinate secure technical and non-technical platform deliveries.
- Ensuring all Changes adhere to BP Controls and IT standards.
- Working to the UK policies and standards set by the UK CISO team and industry best practice to ensure the security aspects of the Platforms area are implemented and managed in an effective and appropriate manner via the proactive and reactive engagement in change and run initiatives.
- Promote the processes and standards set by the Global & UK CISO teams to ensure all Platform initiatives, projects and programs are secure by design and well managed and that a sustainable control environment is embedded.
- Develop strong relationships with all necessary security, IT Platform, Supplier and Business stakeholders to ensure the security risk picture is well understood and managed effectively.
- Develop firm understanding of local business plans, products and objectives.
- Establish and embed appropriate processes to ensure that adequate security assurance is undertaken in relation to the change initiatives.
- Take an active lead in evangelising security concepts and promote secure design across the Platform organisation.
- Analysing and producing MI and insight, establishing root cause, identifying any remedial actions to take and liaising with the relevant team/area to get issues resolved.
Risks & Controls:
- Identify, own and manage the specific key risks and/or IT controls and BP standards that you are identified as the owner and/or nominee for on iCARE.
- Ensure that issues and actions associated with controls / risks are remediated in a timely manner.
- Maintain appropriate records and ensure that controls are sufficiently well designed and operating effectively to keep the risks that they mitigate within my client's tolerance level.
What type of problems need to be solved:
- Ability to give high and detailed level understanding of outcomes wanted for secure technical deliveries, and recognising dependencies, across all Platform changes and competing demands.
- Provide solutions for deficiencies in process and operational procedures.
- Ability to apply a sophisticated level of reasoning to competing demands on cost, time, quality and security.
What are the key decisions taken:
- Risk based decision making ensuring that Platform staff interpret standards appropriately and translate into appropriate technical and procedural solutions.
- Agree upon and make decisions around the effective interpretation of threat intelligence and its potential impact to platforms including decisions on the most appropriate mitigating solutions and actions.
Experience / Skills Required:
- Has to be fantastic at establishing strong relationships with an excellent ability to influence and apply pragmatism where we often meet competing demands. Ability to bust the paradoxical with level 4 thinking.
- Broad experience of security management concepts built up over a number of years in dedicated technical and security operations and / or management roles.
- In-depth knowledge of IS governance processes and practices, including ISMS monitoring and control frameworks such as ISO, ISF and COBIT, their relationships to other frameworks and their application within a financial services environment or other highly regulated industry.
- Good understanding of Secure Development Lifecycles and their application in an agile environment.
- Good understanding of security architecture principles and processes.
- Good knowledge of IT Operations procedures and best practices.
- Excellent stakeholder management.
- Excellent influencing, negotiating and communication (written and verbal) skills.
- Disciplined and organised mind-set.
- Actively seeks opportunities to develop knowledge and experience, internally and externally.
- Platform security