This is an exciting opportunity for an Information Security Controls Assurance Specialist to join the team here at IAG in a permanent, full-time role.
IAG’s strategy is to build our digital DNA and create the best digital insurance and ancillary company globally by moving towards more open systems and connecting with partners.
In doing this IAG needs to ensure that our uplift in Digital capability is matched with a major uplift in our information security capability.
The purpose of this role is to help protect IAG’s digital and information assets by ensuring continued operation of assessment solutions as well as validation of required cyber controls through security certification / assessment.
A major sophisticated cyber-attack against IAG could have a catastrophic impact on the business, and this team is one of the main lines of defense against such an attack.
What’s in it for you?
You will join a high-performing, close-knit team that fosters a culture of diligence and delivery. You will be surrounded by experts and can leverage their knowledge, skills and experience to set yourself up for a great career in Cyber Security.
And finally, the team love to have fun so bring your sense of humour.
You have excellent attention to detail and can work autonomously, but can also change your style to engage and collaborate with a variety of different stakeholders within Distribution Partnering and across IAG.
You will be a person that is genuine, hardworking and solution oriented in your approach to a vast array of complexities.
Key Responsibilities :
Remediation Management : involves active tracking and monitoring of vulnerabilities detected via automated security scanning tools and manual security testing processes and working with Vulnerability Owners to define treatment plans and implement remediation solutions in accordance with Cyber Security standards.
Operational Support : Assessment Applications : ensure that solutions in use by the Assessment team remain operational.
This requires vendor engagement and following up on tickets when issues occur.
Secure Build : is a certification process that involves assessing the security of solutions at the build stage, to verify alignment of the as-built controls with those specified in the upstream architecture and detailed designs.
Third Party Security Assessment : ensure that third parties comply with legislative, regulatory and internal security requirements by conducting assessments of systems and / or processes.
Security Control Assessment : ensure that systems and third parties comply with legislative, regulatory and internal security requirements by conducting assessments of systems and / or processes.
Reporting & analytics : update and maintain Assessment dashboards and assist the Cyber Security Assessment team to develop and implement regular reports that showcase how Assessment positively affects the overall risk profile.
Process Improvement : identify practical improvements to processes and automation opportunities that would improve agility and allow greater utilisation of self-service capabilities.
Skills & Experience :
4+ years’ experience working with 3rd Party Security Assurance or IT Systems based security controls testing.
A tertiary degree in Engineering, Computer Science or related discipline is essential
One or more relevant industry certifications, such as CISSP, CISA, ISO 27001 Lead Auditor, PCI-P / PCI ISA
Good written and verbal communication skills
A strong desire to constantly learn
Proven experience working with Vulnerability Management technologies such as Tenable and Qualys, and with designing and operating processes around vulnerability remediation and management.
Nice to have : Thorough understanding of Cloud and other Security Standards / Frameworks e.g. CSA CCM, NIST CSF, ISO 27001, PCI-DSS
Proven experience working with ticketing and orchestration solutions such as ServiceNow and JIRA.
Experience developing reports in tools such as PowerBI or Tableau