As part of our global cyber security programme, you will support the business in continuously challenging and thus strengthening the confidentiality, integrity and availability of its clients' data, our intellectual property, and our IT assets.
As a member of the Cyber Risk Management team, you will be responsible for various cyber risk related activities, including risk assessments and reviews of business and IT processes and solutions, technical security assessments of new applications or technology, due diligence reviews of outsourcing partners, security awareness training, and cyber risk consultancy.
- Conduct risk assessments of new or materially changed systems and facilitate or conduct associated security penetration testing.
- Act as the technical lead on mobile security risk assessments.
- Conduct risk reviews and spot-checks to ensure ongoing compliance with security regulations.
- Provide training and education for staff on all aspects of Information Security.
- Perform vendor due diligence and risk assessments to gain assurance of their Information Security practice, including ongoing reviews.
- Respond to Information and Cyber Security questionnaires and audits by clients and regulators in close collaboration with the business functions, IT, and Legal.
- Assist with the development and maintenance of Global InfoSec policies and standards in line with changing business and regulatory requirements as well as changing industry good practice.
- Contribute to the ongoing development of the Information Security function, its processes, and tools.
- A graduate or master's degree in Computer Science, IT or related fields, ideally with an IT security focus or equivalent background.
- At least 5 years' experience in a related role, preferably in a similar position at a financial, insurance, or healthcare institution with a global footprint.
- Experience in performing application and infrastructure penetration tests and using associated frameworks and tools (OWASP, Nessus, etc.).
- Understanding of protocols and application techniques like HTTP, Kerberos, OAuth, SAML, containerisation technologies, microservice infrastructure, secure APIs, secure DevOps practices.
- A history as a developer and a good infrastructure engineering and security-related background (optional extra).
- Strong knowledge and practical implementation experience of security frameworks and regulations (ISO27001/2, NIST, HIPAA, OWASP, PCI).
- An in-depth understanding of cyber security threats, attacks and countermeasures.
- Must be able to work independently under limited supervision and to coordinate and prioritize work to meet agreed deadlines.
- Excellent communication, interpersonal, and presentation skills.
- Analytical thinking and a structured approach to addressing complex topics in a concrete manner for the relevant audiences across the organisation.
- Proactive in conducting your own research and strongly focused on continuous personal development in the field to keep up to date on new and emerging technologies, regulations, and risks.
- Experience with the security aspects of Microsoft technologies such as Exchange, SharePoint, Active Directory, Office 365, and Azure.
- Familiarity with multi-cloud environments, and security automation of cloud blueprints across platforms.
- Solid knowledge of mobile security technologies and MDM.
- Knowledge of securing all cloud-related architecture, including PaaS and SaaS applications, as well as big data solutions.