Job description
job description:
The Technology organisation comprises a Corporate Centre team and five business-aligned Technology teams partnering with our federated businesses. Our retail technology teams partner with the UK, Europe and US business units. Our ‘big ticket’ technology teams’ partner with the London Market and Re & ILS businesses. Corporate Centre consists of Group & Enterprise Services, IT Services and Information Security. Each team is led by a Technology Director who reports into the CIO. Collectively the goal of the Technology organisation is to put Technology at the heart of the business.
The role
As a Security Operations Analyst, you'll help the Finance Systems team implement a number of security policies and standards as well as contributing to root cause analysis on security incidents and events. Where required you will also conduct Risk analysis and threat scenario planning to prepare for and anticipate future events and be accountable for ensuring that adequate response plans, procedures and playbooks to increase consistency and effectiveness of response capability are created and maintained for the team.
- Analyse InfoSec Policies, Standards and Controls to determine which elements apply to the Finance Systems Platform and define an implementation plan to ensure we are compliant
- To provide SME knowledge to ensure that information security controls are implemented, enforced, and monitored on Finance Systems applications and infrastructure
- Identify process gaps and define new Information Security processes, ensure they are approved by Finance System Owners and Operations team to provide a repeatable process that adhere to maintaining compliance to Information Security policies
- Work with Finance System Application owners and Operations team to review and update Standard Operating Procedures to incorporate Security Standards and Controls
- To work collaboratively with the Infrastructure Solution Architects, Information Security Teams, Finance Systems Team to provide advice and guidance on all Information Security Risks
- Conduct Risk analysis and inform risk owners and project managers to allow effective decision making
- Develop mitigation and remediation plans to close the gaps identified from either risk management activities, Security compliance or Audit findings for Finance Systems applications
- Act as a first line security event analyst monitoring any alarms; provide initial analysis of logs and make security event determinations on alarm severity, escalation, and response
- Recommend changes to enhance systems security and prevent unauthorised access
- Research security trends, new methods and techniques used in unauthorised access of data and work with InfoSec to pre-emptively eliminate the possibility of system breach
- Support the effective governance of external partners and internal teams to deliver and assure Security Operations services
Technical Skills
- A University degree, or equivalent, in Information Security or Computer Science; related experience and/or training in the field of IT security monitoring and analysis, cyber threat analysis, IT Risk Management and vulnerability analysis
- Knowledge of security event logging, monitoring, detection, and response on one or more of the leading cloud platforms
- Understanding or proven experience in securing Windows, Cloud and VM platforms
- An understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, for example CIS, ISO 27001, NIST, PCI DSS, UK Cyber Essentials
- Knowledge of Privacy regulations for example GDPR, DPA
- Understanding or proven experience in securing Windows, Cloud and VM platforms
- Familiarity with monitoring tools
- Demonstrate strong analytical thinking and the ability to solve complex technical problems across multi-tiered enterprise applications
- To expertly critique the high-level and low-level designs within projects. Taking ownership of delivering Information Security throughout their life cycle to ensure changes implemented on Finance System Applications meets Hiscox Security compliance and regulatory requirements
- A good understanding of Risk Management, IT Controls and Audit within Financial Services
- To take ownership ensure that risk assessments are completed where Business change risk are transferred from a project into BAU risk management
- Comfortable interacting with senior management and stakeholders on a day-to-day basis. This includes representatives of other IT teams, business units, and external 3rd-party service providers
- Possesses excellent written and verbal communication skills, with an emphasis on the ability to translate complex technical issues into language easily understandable to business stakeholders
- The ability to act as an escalation point for third party IT teams and business stakeholders alike
Behavioural
- Intellect and gravitas to influence and gain credibility with stakeholders
- Excellent written and verbal communication skills
- Creative, proactive, logical, and innovative – you do not accept the status quo
- Highly results driven, with the energy and determination to succeed in a fast-paced environment
- Demonstrate a commitment to quality, service, and personal ownership
- Deal well with ambiguity and enable a consensus to be reached
- An inquisitive mind-set and desire to understand both data and business requirements
- Continuous self-improvement and learning
- Willingness to learn new skills and be self-motivated
- Ability to work in a team environment, to work under pressure and show flexibility
Diversity & Benefits
At Hiscox we care about our people. We hire the best people for the job and we’re committed to diversity and creating a truly inclusive culture, which we believe drives success.
Working life doesn’t always have to be in the office, so we have introduced hybrid working to encourage a healthy work life balance. This hybrid working model is set by the team rather than the business to enable you to manage your own personal work-life balance.
We see it as the best of both worlds; structure and sociability on one hand, and independence and flexibility on the other.
Our benefits package includes a bonus, contributory pension, 25 days annual leave plus 2 Hiscox days and a 4 week paid sabbatical with every 5 years’ worth of service, private medical for all the family and much more.
#LI-EB1 #LI-HBRID
person specification: