Information Security Manager - Admiral Pioneer
Cardiff
- Full time
About the job
This vacancy has now expired. Please see similar roles below...
"About Admiral
Admiral Group is a FTSE100 Financial Services company with a presence in eight countries. The company was set up in 1993 as a car insurance specialist, but since then the Group has expanded in other countries and other insurance verticals such as household and travel insurance, in loans, price comparison platforms, and has developed innovative products.
The Group has 7 million customers worldwide and employs over 11,000 people across its operations. Admiral is a growth story with an enviable track record of strong financial performances, ROE consistently over 50%, a turnover of £3.5 bn, and a profit before tax of £520 m in 2019.
Admiral’s philosophy is that ‘people who like what they do, do it better’ and Admiral is proud to offer an open culture where achievement is rewarded and recognised and where coming to work is exciting every day. In 2019, Admiral received a special award from ‘Best Companies to Work For’ as the only company to feature within their rankings since they began 20 years ago: a true testament to the Group’s culture.
About Admiral Pioneer
Admiral Pioneer is a new entity within the Admiral Group with the objective of seeding, launching, and scaling new businesses in areas of increasing societal importance. We are focusing on three significant domains:
- Mobility
- Future of Work
- Live to 101
These domains are long term growth areas for Admiral. We anchor around meeting customer needs and are focused on experimenting and proving new products, business models, and partnerships, through a discovery-driven approach.
We aren’t an incubator, we are building a dynamic and energizing environment where we will provide all the excitement and freedom of a start-up, with the support and stability of an established organization.
We are now looking to recruit an experienced, highly skilled Information Security Manager, with a strong technical background.
About the Role
We want to build a security-first organisation where everyone understands and considers our business and our customer's security seriously. The successful candidate will establish the security culture and support our team to deliver this. The role will be responsible for all aspects of security and our technical environments. This will be at the level of stakeholder management and strategy, down to the technical detail of implementations. You will be someone willing to get their hands dirty when needed, but with a strong outcomes-based motivation in this highly critical area of the business.
We want to ensure that Pioneer is:
- Compliant with the group, internal, and regulatory standards
- Following best practice in IT and for the insurance industry
- GDPR compliant as necessary (allowing for Brexit) and then local country-specific rules
- Taking a sensible balance of security vs. convenience
- Tracking global security threats and risks and taking mitigating steps
- Managing risks: vulnerabilities, boundary defences, data protection/access, phishing, viruses, worms, malware, network, devices/BYOD, etc.
- In the event of a breach, able to manage the crisis, and have a single point of reporting and single point of contact
- Supporting and educating any individuals who are subject to an attack
- Following legal requirements for reporting in the event of a breach, working with the ICO as needed
- Maintaining a current asset and software license database
- Matrixed into the group security community
- Able to respond quickly, tactically, and strategically to identified potential threats
- Able to identify and implement quick security wins
- Implementing and defining security basics and ensuring everyone gets training
- Managing staff entry and exit properly, so that access is given only as needed and removed quickly
- Keeping the security team lean but growing in line with the business
- Backing-up data and maintaining active ransomware mitigations
Defining and Agreeing:
- Security strategy providing a holistic approach to security that works for infrastructure, applications, and development
- Detailed security guidelines for architecture and engineering
- Detailed guidelines for how to set up windows and network engineering
- What we need to run in-house and where we should use vendors
- KPIs for information security and implementing dashboards
- Implementation of ongoing training for personnel
- Necessary security skills and leadership
Ongoing:
- Advising architects and engineers on security and ensuring secure solutions
- Reporting to management on overall security status, threats, issues, and resolutions
- Logging monitoring and mining to find potential threats
- Threat detection, management, and reporting
- All identified risks are mitigated and new risks and issues are discovered as pro-actively as possible
- Ensuring the asset list is updated through primarily automated means
- Ensuring the software license list is updating through primarily automated means
- Managing suppliers and internal team members through the technical detail of implementing the security strategy
- Refining the security strategy in line with ongoing learnings
- Monitoring security software for threats, breaches, and staff non-compliance
- Implementing security policy and any agreed changes
- Managing remediation of any audit reports
- Cooperating with any audits openly
- Building relevant, high-quality vendor relationships to acquire the specialist services we need
- Providing security input for people responsible for assessing vendors
Periodically:
- Disaster recovery testing and managing remediation of any issues
- Running security-focused AWS game days to test and develop skills of AWS developers
- Running red team events as deemed necessary
- Perform internal ‘soft’ audits to assess issues
- Run ethical hacking (with a specialist provider) to pro-actively find and remediate issues
- Re-training to account for changes in the security guidelines
About You
You are probably leading a security function in a scale-up or successful corporate. You recognize that security and speed of implementation are not mutually exclusive and get a kick out of working with small and focused delivery teams.
|Experience
- Sourcing, agreeing, and managing a range of vendor software providers/security services
- Security architecture including AWS and Windows Networking
- Able to work with engineering teams to advise on security aspects
- Experience setting up secure AWS landing zones
- Have been responsible (for at least 2 years) for security in a scale-up (circa 20-50 employees) or a bigger organisation
- Defining, building buy-in, and implementing security policies, guidelines, and rules
- Managing security breaches
- Knowledge of security practices, tools, and threats
- Familiarity with CIS, NIST, and related guidelines
- Secure infrastructure and secure development practices
- Guiding development teams on security architecture
Additional Information
The Information Security Manager will report to the Chief Technology Officer for Admiral Pioneer, and they will have a remit that covers the Admiral Pioneer portfolio of businesses.
Salary, Benefits and Work-Life Balance
We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.
At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we're voted no. 1 in the 2019 Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.
If you have any queries about this position, please the Admiral Pioneer Recruitment Officer - Jessica.SUTTON2@admiralgroup.co.uk.
#LI-LP1
Find out what it is like,
working at Admiral
Find out your time
to travel to work
You
Related jobs
Salary
Location
Hybrid
Job Type
Full time
Location
Hybrid
Department
Veygo
Office address
Capital Tower, Greyfriars Road, Cardiff, CF10 3AZ
Description
We are currently hiring for a Data Analyst to join Veygo on a permanent basis! Why Veygo? Veygo was founded 6 years ago as part of a pioneering incubation venture ‘Admiral Pioneer’ - created to
Reference
8517
Expiry Date
01/01/0001
Vacancy managed by
Isobel Morgan-DaviesVacancy managed by
Isobel Morgan-DaviesSalary
Location
Hybrid
Job Type
Full time
Location
Hybrid
Department
Admiral Pioneer
Office address
Capital Tower, Greyfriars Road, Cardiff, CF10 3AZ
Description
We are currently hiring for a SME Underwriter to join the recently launched, Admiral Business! About Admiral Pioneer Admiral Pioneer is a new entity within Admiral Group with the objective of se
Reference
8687
Expiry Date
01/01/0001
Vacancy managed by
Heledd JonesVacancy managed by
Heledd JonesSalary
Location
Cardiff
Job Type
Full time
Location
Cardiff
Department
Admiral Pioneer
Office address
Capital Tower, Greyfriars Road, Cardiff, CF10 3AZ
Description
About Admiral Pioneer Admiral Pioneer is a new entity within Admiral Group with the objective of seeding, launching and scaling new businesses in areas of increasing societal importance. We are foc
Reference
8849
Expiry Date
01/01/0001
Vacancy managed by
Isobel Morgan-DaviesVacancy managed by
Isobel Morgan-DaviesRelated posts
Teaser
Admiral TechContent Type
BlogPublish date
25/10/2022
Summary
After deciding to switch careers and enter the Tech industry, Zoe completed the Code First Girls nanodegree and landed a Software Engineer role in Veygo. With just an interest in coding and no
by
Carter Campbell
Teaser
Admiral PioneerContent Type
BlogPublish date
27/05/2021
Summary
We caught up with Riccardo, a Service Designer at Admiral Pioneer whose role is almost as varied as his background. He’s Brazilian by birth, but has lived in both America and Australia, giving
by
Andrew Smith
Teaser
Admiral PioneerContent Type
BlogPublish date
26/05/2021
Summary
Georgina joined Admiral back in November 2015, fresh out of Sixth Form with no real idea of where she was heading. Fast forward to May 2021, she is now steadily on her way to becoming a fully
by
Allison Martin
Teaser
Admiral PioneerContent Type
BlogPublish date
21/04/2021
Summary
Ever wanted to work at a start-up, but don’t know where to start? What if you could be part of a start-up, enjoying the culture and pace, but have access to the security and resources of a FTSE
by
Allison Martin
Teaser
Admiral PioneerContent Type
BlogPublish date
26/03/2021
Summary
For me, part time working boils down to a simple philosophy: attaining balance in different areas improves performance in all areas – Gunnar Peters, CEO Veygo. So, who am I? I’m German, born
by
Allison Martin
Teaser
Admiral PioneerContent Type
BlogPublish date
20/08/2020
Summary
Prior to working at Veygo Simon worked at a mobile network called Giffgaff, based in West London. His primary role was running the handset financing operation and he was also responsible for FC
by
Allison Martin
Teaser
Admiral PioneerContent Type
BlogPublish date
15/07/2020
Summary
Louise began her career, as many of us do, in the call centre. In November 2015, she joined us a New Business call handler, which was her first job after graduating. I’d heard that Admiral wa
by
Allison Martin
Our Benefits
As one of our four pillars to our culture, Reward and Recognition is extremely important. We believe that happy staff make happy customers, so we have a huge range of great benefits to make sure everybody has something to smile about! Here are a few of our more popular ones.
Share
Schemes
Flexible
Working
Local
Discounts
Travel Season
Ticket loans
Groups
& Societies
Development
Opportunities