Security Risk and Assurance Specialist

Job Description

Aviva UK are now looking for a Security Risk and Assurance Specialist to join our Global CISO team. This CISO Governance Risk and Compliance (GRC) team have a recent mandate to provide a centre of excellence for all Cyber Governance, Risk, Assurance and Standards & Controls disciplines across Aviva globally.This specialist position is required to specifically provide technical support to the CISO Risk & Assurance Lead with day-to-day information risk consultancy, advice and guidance. They will also support the Cyber Portfolio in relation to prioritisation of risk mitigation activities, tracking of risk tolerance and reporting - while supporting the design, implementation and maintenance of control assurance frameworks.Aviva introduced "smart-working" in 2020, and the person in this role can be based anywhere in the UK, as long as they are comfortable regularly travelling to our Bristol (preferred), Norwich, London or York offices.The roles duties & responsibilities:Providing robust security control assurance expertise into the Global CISO function, specifically with regards to management of cyber and technology related risks and controls, operation of the enterprise risk frameworks and risk management toolingGenerating security assurance reporting, based on empirical data and SME analysis to provide independent oversight of control operational efficiency and design adequacySupporting the adoption of an end-to-end risk lifecycle and providing the necessary support and mentorship to facilitate this within the organisationHandling information-security issues and providing advice, support and directionSupporting development & maintenance of our Security Risk framework and associated documentation in accordance with the operational risk and controls management (ORCM) frameworkDriving consistency in approach to risk assessment, management and reporting on Cyber Risk across CISO and associated specialist functionsActively engaging in the implementation of a control assurance model, seeking to provide qualitative and quantitative validation of control design and efficiencySkills & experiences required: Proven working knowledge of Cyber Risk Management, IT Risk Management or Information SecurityRobust experience working with security controls frameworks (ISO/ISF/NIST) and their application within a financial services/insurance environmentBroad experience of security management concepts built up over time in dedicated technical, security, risk, assurance or control testing rolesExperience of working independently to solve problems, design solutions and motivate changeTrack record of working with and presenting to senior partnersIndustry relevant qualifications (CISM, CRISC, CISSP, ISO 27001 Lead Implementer) are desirableWhat will you get for this roleA salary up to £50,000 depending on location, skills, experience and qualificationsGenerous defined contribution pension schemeAnnual performance related bonus and pay reviewHoliday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional daysUp to 40% discount for some Aviva products through "My Aviva Extras" plus discounts for Friends and Family (some exclusions apply)Excellent range of flexible benefits to include a matching share save schemeWorking at AvivaAt Aviva, were people with a purpose. To be with you today, for a better tomorrow.We bring this to life by ensuring managing risk is at the heart of the way we all work. We love people who do the right thing for our customers, and our colleagues. We want people who speak up, who take ownership, and who make good decisions.The way we do this is important too, were all about our people - thats you - so we can be pretty flexible. If you want to work from home some of the time or change your hours so you can pick up your kids or care for someone in your family, were very open to that. In fact, we dont advertise roles as either part or full time, because we know each person has different needs, just as each business area has different needs. So, its up to you to discuss working hours during your interview.We care deeply about being inclusive and that means we encourage applications from people with diverse backgrounds and experiences. We want our employees to bring their whole self to work and that starts with you.We interview every disabled applicant* that meets the minimum criteria for the job. Once youve applied, please send us a separate email stating that you have a disclosed disability and well make sure we interview you.Wed love it if you could submit your application online. If you require an alternative method of applying, please give Daniel Hopchet a call on or send an email to . *As defined in The Equality Act 2010. By minimum criteria we mean you should provide us with evidence which demonstrates that you generally meet the level of competence required and have the qualifications, skills or experience defined as essential to perform the role.