Cyber Assurance Manager
London - 22 Bishopsgate, United Kingdom
Hiscox
Job Type: Permanent
Build a brilliant future with Hiscox
Position: Cyber Assurance Manager
Reporting to: Head of Cyber Assurance
Location: London or York, UK
Type: Permanent
Band: II
Company description
Hiscox is a diversified international insurance group with a powerful brand, strong balance sheet and plenty of room to grow. Listed on the London Stock Exchange and headquartered in Bermuda (with the bulk of group leadership sitting in London), Hiscox has over 3,000 staff across 14 countries and 34 offices. Structured by geography and product, Hiscox’s long-held business strategy has helped them grow from a niche Lloyd’s underwriter to an international insurance group with a powerful and trusted consumer brand.
The Role
The Cyber Assurance Manager is primarily responsible for ensuring our overall security position is aligned to our business objectives and risk appetites, and for gathering the evidence needed to support this. You will plan and co-ordinate assurance activities across our business, ensuring we are engaged early and consistently in the risk management lifecycle. You will need to be familiar with cybersecurity governance and risk management frameworks, and have an excellent understanding of industry recognised security standards such as ISO 27001 and NIST CSF.

You will also work closely with various stakeholders across our business to gather and analyse data on our Key Risk Indicators (KRIs), track risks throughout the management lifecycle and escalate issues when needed. You will need to be able to create detailed risk management plans, recommend risk management options and identify trends in our risk assessment data. You will need to promote a culture of risk management and best practice security standards, and offer expert advice to help our risk owners make informed decisions. You will also plan and deliver a rolling programme of control testing, third party assurance reviews and internal compliance audits against our policies and standards. You will need to work closely with 2nd line colleagues in Group Risk and Audit, and support the Head of Assurance in the development and maintenance of our security policy framework.

The role sits in our Office of the CISO and reports to our Head of Cyber Assurance. The role is a permanent position, and will be based in London or York (UK).
Key Responsibilities
• Plan, co-ordinate and deliver a rolling programme of control testing and compliance audits.
• Identify and analyse cybersecurity risks to our business using quantitative and qualitative methods.
• Ensure that security risks are being accurately identified and managed within acceptable levels throughout their entire lifecycle.
• Develop risk management plans that effectively balance usability, cost and risk in the design and development of controls.
• Advise risk owners on risk management options and decision making.
• Support the maintenance of our security accreditations and attestations.
• Perform third party security risk assessments and compliance audits.
• Gather risk management data to track and manage changes in our KRIs.
• Support the delivery of all regulatory compliance, risk and board reporting.
• Provide cybersecurity risk consulting to delivery programmes and projects.
• Advise on implementation of security policies and standards, and how to maintain compliance.
• Communicate and report on security risks, issues and initiatives to our senior stakeholders.
• Support the continuous improvement lifecycle of our security policies and standards.
• Support the delivery of our corporate security awareness programme and associated initiatives.
• Coach and mentor risk analysts, and provide day-to-day oversight of their activity and output.
Candidate Profile
• 3 to 5+ years' experience in a cybersecurity governance, risk and compliance role.
• Excellent knowledge of security frameworks, standards, and best practices (e.g., NIST, ISO, CIS, etc.).
• Excellent knowledge of risk management principles and practices for cybersecurity.
• Excellent knowledge of audit processes and procedures.
• Good working knowledge of security technologies, tools, and methodologies.
• Good working knowledge of financial services statutory and regulatory requirements.
• Good analytical and problem-solving skills.
• Good communication and stakeholder management skills.
• BSc or MSc in Cybersecurity, Computer Science or Risk Management is desirable.
• Industry recognised qualifications such as CISA, CRISC and ISO27001 Lead Auditor are desirable.
Diversity & Benefits
At Hiscox we care about our people. We hire the best people for the job and we’re committed to diversity and creating a truly inclusive culture, which we believe drives success. Working life doesn’t always have to be in the office, so we have introduced hybrid working to encourage a healthy work life balance. This hybrid working model is set by the team rather than the business to enable you to manage your own personal work-life balance. We see it as the best of both worlds; structure and sociability on one hand, and independence and flexibility on the other. Our benefits package includes a bonus, contributory pension, 25 days annual leave plus 2 Hiscox days and a 4 week paid sabbatical with every 5 years’ worth of service, private medical for all the family and much more.
Work with amazing people and be part of a unique culture