Lead IT Security Manager

Lead IT Security Manager

Department: IT Operations

Employment Type: Permanent - Full Time

Location: London

Reporting To: Dax Grant

Description

As CFC's IT Security Manager, you will be part of the technology team, providing bespoke systems that give CFC its competitive advantage in this dynamic marketplace.

As the Security Manager, you will liaise with security incident response experts, working with our infrastructure and development teams to ensure that our systems are appropriately secure, compliant, and resilient while keeping up to date with industry changes. You will also be expected to continuously educate people across the business in security matters and threats.

About the role

As the Security Manager, you will be accountable for setting standards, ensuring that all people across the business understand their own responsibilities in relation to IT security. You will have a clear understanding of how to navigate the inevitable tension between security concerns and business delivery drivers.

You will be responsible for the following:

1. Accountability for creating and maintaining standards and their implementation
2. Work with stakeholders and staff to nurture a culture where security is always in mind and seen as a critical part of everyone's responsibility
3. Creation of training materials and assisting with the continual upskilling of the whole company in relation to security matters relevant to their roles
4. Provide day-to-day advice in security matters across the business
5. Carry out business impact analysis activities relating to new changes and capabilities
6. Working with our SOC to ensure that their incident detection models and alert response processes are kept appropriate and up to date
7. Coordinating with our MSSP for the scoping and execution of vulnerability scanning and penetration testing
8. Curation of security standards for development and infrastructure delivery and operations
9. Facilitate internal/external IT security audits
10. Working with development teams during the design phase of architectural changes to ensure that security is considered
11. Running tabletop security exercises to test our response plans and capabilities
12. Satisfying security-related compliance and due diligence requests from capacity providers and auditors
13. Scheduling and coordination of DR test exercises

About you

You will be someone that has exposure to environments where infrastructure management is heavily automated. You will have experience in working with suppliers to negotiate and manage the service they provide. Insurance experience would be advantageous, but not essential. You will be someone that has experience with:

1. Defining and implementing IT security policies within a financial services organization and with a demonstrable understanding of associated risk management
2. Knowledge of security in a cloud-hosted environment, especially using cloud-native technologies in Azure
3. Knowledge of secure development practices and relevant tooling
4. Experience training others in security matters at all levels
5. Great communication skills and the ability to influence others
6. Experience running security testing processes such as tabletop exercises, phishing campaigns, etc.
7. Knowledge of security audit requirements in financial services organizations and a proven track record working with auditors on such matters

Core Values

Love what you do:
We show up each day ready to take on the world. Our passion and intensity set us apart and make the difference to our colleagues, customers, brokers, and carriers.

Challenge everything:
We're never afraid to question the way that things are done and we constantly challenge ourselves and others to make things better.

Have fun, be good:
Insurance is a serious business, but we don't take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.