Information Security Risk Consultant

Overview
This is a role for an information security risk management expert who will take ownership of risk management processes, as part of the Security Risk and Governance team, reporting to the Governance and Controls Manager.

The Consultant is expected to deliver risk management and advisory services as well as being a lead contact for the Security Risk and Governance team.

The role includes operating and improving the risk management processes to reduce Admiral’s cyber risk exposure to acceptable levels.

The Consultant will engage with IT and business stakeholders to ensure that information risk is effectively quantified and mitigated through the identification and implementation of technical and non-technical controls.

Main Duties

The Consultant will:

• Be responsible for operating and enhancing the risk assessment and risk management processes. They will establish and maintain information security risk criteria, including risk treatment approaches in line with agreed risk tolerances 
• Apply the information security risk assessment process to identify risks within the scope of the information security management system and engage with risk owners
• Analyse information security risks associated with existing IT and business systems and processes, including potential impact and likelihood
•  Provide recommendations for minimum baseline controls to be implemented and ensure non-conformities are documented and that remediation plans are agreed with risk owners to timelines
• Produce security documentation as required, including security standards and guidelines
• Promote continued integration between the risk management, operational and incident response processes, such that knowledge gained from analysing and resolving information security incidents can be used to reduce the likelihood and/or impact of future incidents.
• Provide consistent and timely engagement with IT and business functions
• Support the Information Security Culture Team with providing focussed and risk-based training and awareness activities
•  Act as a champion for information security initiatives and maintain high standards of customer service, integrity and professionalism
• Maintain a high level of expertise within risk management, governance and compliance with regulatory requirements to be applied to the evaluation and selection of mitigating controls through ongoing training, conferences, seminars etc
• Deliver risk assessment reports and risk treatment recommendations in a timely and repeatable manner
• Produce operational and strategic MI, including KRIs, as required
• Contribute to and maintain an effective risk management mechanism to ensure that Admiral has as accurate and current a view of information risk exposure as possible

Experience and Qualifications Required

The Risk Consultant will have a strong grounding in information security risk management with a strong technical knowledge which includes requirements for cloud-based solutions. A degree education is preferred. A CISA, CRISC, CISSP or similar qualification is highly desirable. A general understanding of security control assessment, risk assessment, risk management and controls is required. Further role specific skills will be developed during employment.

Essential skills

• Drive to implement improvements and take ownership of issues as they arise
• Knowledge and experience of using common risk methodologies and information security frameworks
• Strong technical background, e.g. knowledge of IT controls implementation and management
• Strong communication skills, verbal as well as written
•  Previous information security risk management experience

Desirable

•  CISA, CRISC, CISM or CISSP

Location

Although this role can be performed remotely (UK only), it is highly desirable that the candidate is able to travel to Cardiff on occasion for on-site training, meetings etc.

About Admiral

We're Wales’ only FTSE 100 company. We have forward-thinking approaches and provide endless opportunities to test, learn and grow. There's a reason we've been named a Best Place to Work: our progressive culture, core values, and commitment to diversity and inclusion have created a working environment where people share ideas, aren’t afraid to speak up and change things, and above all, feel valued.

Admiral has grown from being a small start-up into a multi-national organisation. The company is constantly investigating new products, services and markets and is now present in eight countries with a diverse product portfolio.

Our success goes hand-in-hand with having a strong culture where we put our people and customers first. Our philosophy is simple yet effective: people who like what they do, do it better, and this, in turn, means that our customers receive the level of service and products that they deserve. Our culture is honest, open and wholeheartedly focused on four key areas: Communication, Equality, Reward & Recognition, and Fun.

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we're voted no. 1 in the 2019 Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

You can also view some of our other key benefits here; https://admiraljobs.co.uk/employee-benefits/.

If you think this role is for you and would like to be considered for this opportunity, please click “apply now” to complete an online application form.

#LI-LP1