Head of Cloud Security

Admiral is fundamentally a digital business that is increasingly leveraging modern technology and engineering practices to allow us to operate as a "Fintech at Scale". 

Admiral now needs to grow its Cloud Security capability, striving for excellence and technology innovation, helping to provide a competitive advantage, through safe cloud adoption.

Scope of Role

This is a senior strategic leadership role that requires the role holder to be a delivery focused “trusted advisor” and a “visionary” for all security matters relating to Cloud and helping to ensure Admiral have the right technology, people and process, to enable and make “safe” our use of Cloud at scale. The scope of Cloud includes public, private, hybrid and SaaS.

This role is new for Admiral, and we are looking for a self-starter, who is able to own and develop it.

Job Purpose

• Serve as a thought leader for all security matters relating to Cloud, a trusted advisor to the CISO and other senior leaders in the organisation (working across different departments)
• Contribute to the creation of the Cloud Security Strategy and associated roadmaps.
• Define what awesome looks like, measure against that goal and drive getting there.
• Help to drive cloud security in delivery (agile and waterfall)– working closely with security leadership and security architecture teams to highlight constraints/risks.
• Be an active member of committees and forums, providing cloud security expertise as needed
• Work with senior stakeholders to help build operational resilience in Cloud from a security perspective, security defence in depth.
• Assist in the creation of a security governance framework for Cloud, to ensure it is being appropriately managed and monitored from a security controls perspective.
• Work closely with teams within Information security and cloud platform team to identify improvements in operational processes that relate to Cloud to help increase security posture
• Identify security improvements, that drives efficiency and makes it easier to achieve “security by design”.
• Provide appropriate challenge to the “status quo” and bring a fresh perspective to Cloud security, helping to drive the safe adoption of it.
• Helping to ensure security best practice is automated by default, reducing scope for errors (DevSecOps), working with a range of teams and stakeholders.

Accountabilities & Responsibilities

• Ensuring that Admiral has appropriate technology, people, and process to implement security by design when using Cloud
• Accountable for ensuring Cloud security KPI’s and KRI’s are relevant, providing a unified view of Cloud security health across the estate.
• Ensuring the cloud security strategy is fit for purpose and serves current and flexible enough for near/medium term future
• Ensuring cloud security tooling is delivering the security value / reducing security risk and has the right people, process and metrics to prove it is working and is effective.
• Ensuring cloud security standards are up to date and serve intended purpose
• Reviewing cloud security risk registers to ensure it is up to date and being managed properly
• Making sure any Post Incident Review actions, Audit findings / similar are followed up, helping to remove any blockers that would stop their completion
• Responsible for ensuring the CISO is well informed of any material issues that may arise in cloud, providing early warning to pre-emptive action can be taken
• Responsible for ensuring security governance is being applied in a proportionate and timely manner across cloud change portfolio.

Experience and Skills

Leadership and Industry

• Senior technology leadership experience with a focus on Cloud security, CI/CD and  Software Security.
• Ideally experience operating within heavily regulated environments including external regulated consumer products and service offerings
• Experience of matrix management and using internal and external delivery teams
• Excellent communicator with ability to negotiate, influence and explain, particularly to large business teams and geographically distant area
• Experienced leader able to lead calmly through periods of high pressure whilst inspiring people and teams to achieve excellence and grow their skills
• Experienced budget management skills
• Drive, enthusiasm, and a can-do attitude
• Practical knowledge of the industry and professional standards

Technical/Role Based

• Proven track record enabling the use of Cloud in highly regulated business environments
• Extensive knowledge and experience of cloud security, across all major cloud providers (i.e Azure, AWS, GCP),  and its associated secure CI/CD standards and practices, providing defence in depth and agility.
• Experience of using niche / 3^rd party products to resolve security gaps that cloud native controls do not offer.
• Experience of working with Cloud security controls in hybrid environments, where shared responsibility may be further sub-contracted.
• Thorough and broad understanding of security technology from Cloud infrastructure to application
• Ability to plan and adapt cloud security standards and tools in line with current trends and techniques in the service of achieving outcomes faster
• Extensive knowledge and experience with 3^rd party service providers including facilitation of RFP, onboarding, and performance management (design of SLA and overall KPI)
• Experience and awareness of IT architectural governance, standards, and methodology
• Experience and awareness of CISO governance frameworks, standards, and controls for technology solutions currently within product backlogs

Location

We are open to discussion around remote working possibilities (UK only)

Our Commitment to You

At Admiral, we are committed to being a diverse and inclusive workplace. Admiral is proud to be an equal opportunities employer and does not discriminate on the basis of race, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), national origin, gender, gender identity, sexual orientation, disability, age, or any other legally protected status.

All qualified applicants will receive equal consideration for employment.

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently voted one of the Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

You can also view some of our other key benefits here; https://admiraljobs.co.uk/employee-benefits/.

#LI-NT1