Cyber Protection Technical Specialist
Lloyd's UK: London, United Kingdom
Lloyd’s is the world’s leading insurance and reinsurance marketplace. We share the collective intelligence and risk sharing expertise of the market’s brightest minds, working together for a braver world.
Our role is to inspire courage, so tomorrow’s progress isn’t limited by today’s risks.
Our shared values (we are brave; we are stronger together; we do the right thing) guide what we do and how we act. If you share our values and our passion to build a future that’s more sustainable, resilient and inclusive, you’ll find a home at Lloyd’s – build a braver future with us.
Lloyd’s is currently seeking to recruit a Cyber Protection Technical Specialist. You will protect Lloyd’s by setting security standards for how we protect ourselves against cyber security threats, drive improvements in technical security capabilities and provide technical security expertise across all team processes. This role will support the Head of GRC and Cyber Protect.
Principal Responsibilities and Accountabilities
Provide technical security input and expertise to all capabilities across the Governance, Risk and Compliance and Cyber Protect team
Support technical security oversight and assurance of cyber security remediation programme activities
Support the development of actions to address RED team, risk review, internal audit and external audit observations and findings
Own and overhaul the technical security standards across Lloyd’s
Lead on and manage driving improvements in Lloyd’s Privileged Access Management capability
Support driving improvements in all technical security capabilities including Identity Security, Endpoint Security, Network Security, Application Security and Certificate / Key Management
Collaborating with other members of the security team and cross-functional teams to improve the overall security posture of the organisation
Skills, Knowledge, and Experience
Deep knowledge of standard enterprise computer systems, networks, and security protocols
Deep knowledge of enterprise-level technical IT security controls
Good working knowledge of industry good practice frameworks such as NIST Cyber Security Framework, Centre for Internet Security (CIS) Critical Security Controls (CSC), ISO 27001, MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge), Cyber Kill Chain, etc.
Deep knowledge of how different risks can materialise across the layers of defence and framework of managing risks
Passionate about staying abreast of the threat landscape, attacker tools, techniques and procedures, and latest defence strategies
Knowledge of financial services and governance processes
Experience of implementing security controls within enterprise-level IT systems and networks
Experience of overseeing and assuring the delivery of security controls in IT systems by third parties
Extensive knowledge of assessing and improving processes and procedures with a continuous improvement and risk focussed mindset
Experience of influencing stakeholders internally and externally to an organisation leading to impact both in and outside own function
Experience in effectively communicating security topics at a senior level in a large organisation.
Working knowledge of a regulated business/operational environment, ideally gained in the Financial Services industry, would be beneficial
Ability to provide technical security input into disparate projects and to non-IT technical audiences / stakeholders
Proven ability to appropriately challenge IT and security technical delivery / output and influence stakeholders internally and externally to an organisation in order to achieve a desired outcome and impact both in and outside own function
Ability to learn and absorb new detailed technical information quickly and recognise how that links to initiatives being delivered.
Ability to assess and improve (security) processes and procedures with a continuous improvement and risk focussed mindset
Ability to author technical documents
Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body are desirable
We recognise that there are many people with strong ethical hacking skills who did not follow a traditional education route. We encourage those who have the skills to apply
Diversity and inclusion are a focus for us – Lloyd’s aim is to build a diverse, inclusive environment that reflects the global markets we work in. One where everyone is treated with dignity and respect to achieve their full potential. In practice, this means we are positive and inclusive about making workplace adjustments, we offer regular health and wellbeing programmes, diversity and inclusion training, employee networks, mentoring and volunteering opportunities as well as investment into your professional development. You can read more about diversity and inclusion on our website.
We understand that our work/life balance is important to us all and that a hybrid of working from the office and home can offer a great level of flexibility. Flexible working forms part of a total reward approach which offers a host of other benefits over and above the standard offering (generous pension, healthcare, wellbeing etc). These include financial support for training, education & development, a benefit allowance (to spend on our flexible benefits such as gym membership, dental insurance, extra holiday or to partake in our cycle to work scheme), employee recognition scheme and various employee discount schemes.
By choosing Lloyd's, you'll be part of a team that brings together the best minds in the industry, and together with our underwriters and brokers, we create innovative, responsive solutions allowing us to share risk and solve complex problems.
Should you require any additional support with your application, or any adjustments, please click the following link:
https://cleartalents.com/apply/lloyds-msa1645695881
Please note, clicking on this link does not register your application for the vacancy