Information Security Manager - Admiral Pioneer

About Admiral

Admiral Group is a FTSE100 Financial Services company with a presence in eight countries. The company was set up in 1993 as a car insurance specialist, but since then the Group has expanded in other countries and other insurance verticals such as household and travel insurance, in loans, price comparison platforms, and has developed innovative products.

The Group has 7 million customers worldwide and employs over 11,000 people across its operations. Admiral is a growth story with an enviable track record of strong financial performances, ROE consistently over 50%, a turnover of £3.5 bn, and a profit before tax of £520 m in 2019.

Admiral’s philosophy is that ‘people who like what they do, do it better’ and Admiral is proud to offer an open culture where achievement is rewarded and recognised and where coming to work is exciting every day. In 2019, Admiral received a special award from ‘Best Companies to Work For’ as the only company to feature within their rankings since they began 20 years ago: a true testament to the Group’s culture.

About Admiral Pioneer

Admiral Pioneer is a new entity within the Admiral Group with the objective of seeding, launching, and scaling new businesses in areas of increasing societal importance. We are focusing on three significant domains:

• Mobility
• Future of Work
• Live to 101

These domains are long term growth areas for Admiral. We anchor around meeting customer needs and are focused on experimenting and proving new products, business models, and partnerships, through a discovery-driven approach.

We aren’t an incubator, we are building a dynamic and energizing environment where we will provide all the excitement and freedom of a start-up, with the support and stability of an established organization.

We are now looking to recruit an experienced, highly skilled Information Security Manager, with a strong technical background.

About the Role

We want to build a security-first organisation where everyone understands and considers our business and our customer's security seriously. The successful candidate will establish the security culture and support our team to deliver this. The role will be responsible for all aspects of security and our technical environments. This will be at the level of stakeholder management and strategy, down to the technical detail of implementations. You will be someone willing to get their hands dirty when needed, but with a strong outcomes-based motivation in this highly critical area of the business.

We want to ensure that Pioneer is:

• Compliant with the group, internal, and regulatory standards
• Following best practice in IT and for the insurance industry
• GDPR compliant as necessary (allowing for Brexit) and then local country-specific rules
• Taking a sensible balance of security vs. convenience
• Tracking global security threats and risks and taking mitigating steps
• Managing risks: vulnerabilities, boundary defences, data protection/access, phishing, viruses, worms, malware, network, devices/BYOD, etc.
• In the event of a breach, able to manage the crisis, and have a single point of reporting and single point of contact
• Supporting and educating any individuals who are subject to an attack
• Following legal requirements for reporting in the event of a breach, working with the ICO as needed
• Maintaining a current asset and software license database
• Matrixed into the group security community
• Able to respond quickly, tactically, and strategically to identified potential threats
• Able to identify and implement quick security wins
• Implementing and defining security basics and ensuring everyone gets training
• Managing staff entry and exit properly, so that access is given only as needed and removed quickly
• Keeping the security team lean but growing in line with the business
• Backing-up data and maintaining active ransomware mitigations

Defining and Agreeing:

• Security strategy providing a holistic approach to security that works for infrastructure, applications, and development
• Detailed security guidelines for architecture and engineering
• Detailed guidelines for how to set up windows and network engineering
• What we need to run in-house and where we should use vendors
• KPIs for information security and implementing dashboards
• Implementation of ongoing training for personnel
• Necessary security skills and leadership

Ongoing:

• Advising architects and engineers on security and ensuring secure solutions
• Reporting to management on overall security status, threats, issues, and resolutions
• Logging monitoring and mining to find potential threats
• Threat detection, management, and reporting
• All identified risks are mitigated and new risks and issues are discovered as pro-actively as possible
• Ensuring the asset list is updated through primarily automated means
• Ensuring the software license list is updating through primarily automated means
• Managing suppliers and internal team members through the technical detail of implementing the security strategy
• Refining the security strategy in line with ongoing learnings
• Monitoring security software for threats, breaches, and staff non-compliance
• Implementing security policy and any agreed changes
• Managing remediation of any audit reports
• Cooperating with any audits openly
• Building relevant, high-quality vendor relationships to acquire the specialist services we need
• Providing security input for people responsible for assessing vendors

Periodically:

• Disaster recovery testing and managing remediation of any issues
• Running security-focused AWS game days to test and develop skills of AWS developers
• Running red team events as deemed necessary
• Perform internal ‘soft’ audits to assess issues
• Run ethical hacking (with a specialist provider) to pro-actively find and remediate issues
• Re-training to account for changes in the security guidelines

About You

You are probably leading a security function in a scale-up or successful corporate. You recognize that security and speed of implementation are not mutually exclusive and get a kick out of working with small and focused delivery teams.

|Experience

• Sourcing, agreeing, and managing a range of vendor software providers/security services
• Security architecture including AWS and Windows Networking
• Able to work with engineering teams to advise on security aspects
• Experience setting up secure AWS landing zones
• Have been responsible (for at least 2 years) for security in a scale-up (circa 20-50 employees) or a bigger organisation
• Defining, building buy-in, and implementing security policies, guidelines, and rules
• Managing security breaches
• Knowledge of security practices, tools, and threats
• Familiarity with CIS, NIST, and related guidelines
• Secure infrastructure and secure development practices
• Guiding development teams on security architecture

Additional Information 

The Information Security Manager will report to the Chief Technology Officer for Admiral Pioneer, and they will have a remit that covers the Admiral Pioneer portfolio of businesses.

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we're voted no. 1 in the 2019 Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

If you have any queries about this position, please the Admiral Pioneer Recruitment Officer - Jessica.SUTTON2@admiralgroup.co.uk.

#LI-LP1