Technical Information Security Manager in London

Location: Guernsey, Haywards Heath, Home Office (Remote) or Manchester

Salary: up to £80,000 - depending on experience

Department: Technology and Data

We are First Central Insurance & Technology Group (First Central for short), an innovative, market-leading insurance company. We protect the things customers love so they can get on with what matters to them in life. Data drives us. It fuels our outstanding distribution, finance, technology and legal services. Our underwriting skills are built on data expertise; it creates the insights we need to give the right cover to the right customers at the right price. But, it’s the people inside and outside our business that power us. They make us stand out, help us succeed. We’re ambitious. We’re growing. We’ve won awards.

Are you ready to embark on an exciting new career adventure? If you have a strong Cyber background and are looking for a new challenge we’re on the hunt for a Technical Information Security Manager who will work as part of our Information Security governance and oversight team. This technically focused role includes delivering our Information Security services (such as consultancy, assurance reviews and risk management) and providing governance and oversight across the business to effectively manage Information Security and Cyber risk.

We’re big on working flexibly - you’ll spend most of your time working from home, with the occasional visit to the office, but of course, it’s your choice - if you prefer to be in the office more - that’s good with us too. We have offices located in Haywards Heath, West Sussex, Salford Quays, Manchester, and Guernsey; it’s your choice - or maybe you live further afield, we’re happy to accept applications for remote workers!

Core skills we’re looking for to succeed in the role:

• Technical Expertise: A strong understanding and background in cyber and IT technologies and controls, as well as how they are designed and operate to manage and reduce risk. Experience in Microsoft security technologies, including endpoint and Azure.
• Risk and Governance: Ability to take high-level frameworks and security standards and translate them into more detailed control requirements. Act as a partner to the business and provide oversight, assurance and governance to ensure controls are effectively implemented.
• Security Frameworks: Understanding of security frameworks such as ISO:27001 and PCI-DSS.
• Strong Communication Skills: Ability to communicate effectively to colleagues at all levels, both verbally and in writing, and translate complex technical information to non-technical audiences while building strong relationships with key stakeholders.

What’s involved:

• Implement and maintain established control frameworks such as ISO27001 and PCI-DSS and other relevant security frameworks, including the creation of policies, standards, and other documentation.
• Lead the governance, oversight, and assurance on technical security controls and technical design on both new and existing solutions in FCG’s network and application portfolio.
• Act as an Information Security consultant to the rest of the business and represent Information Security in key forums to ensure that technical security standards are met and adhered to.
• Work with stakeholders to ensure that technical security patterns, standards, and sub-standards are developed and maintained.
• Lead and further develop and mature our extensive Pen testing & other testing programmes.
• Undertake assurance reviews and assessments, including 3rd Parties, new technical solutions and processes, producing relevant recommendations and reporting.
• Understand the business and information risk context, proactively working with teams to develop architectures and countermeasures which mitigate risks to an acceptable level.
• Perform information security risk assessments for change, processes and new solutions, producing recommendations and reporting. Contribute to the running of the Information Security risk processes.
• Ongoing identification of emerging security threats through regular engagement with control and risk owners, coupled with external security trends, horizon scanning and analysis.
• Assist in developing the Information & Cyber Security maturity across the business.
• Contribute to and deliver appropriate security awareness activities and promote good security practice to improve Security culture across the business.
• Promote the benefits of a robust and secure IT environment ensuring a pragmatic approach to deliver solutions within short timeframes.
• Be available as part of the Information Security Incident response team when required.
• Produce other metrics and reporting as required.
• Ensure compliance with company and other relevant standards/regulations at all times.

Experience & Knowledge:

• Extensive Information & IT Cyber Security experience.
• Experience of maturing extensive Pen test & other testing programmes.
• Proficiency in technical security controls and frameworks, including experience and proficiency in cloud security.
• Experience and expertise in Azure environment security, vulnerability management, and associated processes.
• Detailed knowledge of Information Security frameworks and standards, particularly PCI-DSS, ISO27001, and other cyber frameworks.
• Experience of managing Information Security in an Agile Change Environment.
• Proven track record of undertaking control assurance reviews against best practice standards and identifying gaps.

Skills and Qualifications:

• Excellent communication and interpersonal skills, both verbal and written.
• Excellent analytical skills.
• Excellent organisational skills.

Behaviours:

• Able to demonstrate governance and oversight thinking and behaviours.
• Willingness to continually develop and learn new Information Security and soft skills.
• Self-motivated and enthusiastic with the desire to meet or exceed targets.
• An organised and pro-active approach to Information Security.
• A flexible approach and positive attitude.
• Emphasis on attention to detail and accuracy.
• Strives to drive business improvements to contribute to the success of the business.

This is just the start. Imagine where you could end up! The journey’s yours.

What can we do for you?

People first. Always. We’re passionate about our colleagues and know the best people deserve an extraordinary working environment. We owe it to them so that’s what we offer. Our workplaces are energetic, inspirational, supportive.