Information Security Engineer

Role Title: Privileged Access

What is this job really like?

The Security Engineer reports to the Head of Cyber Engineering and Operations within the Intact Insurance UK CISO team. The role will play a key part in ensuring Security configurations and controls are secure and in line with risk appetite.

This role forms a critical part of our Cyber Defence and will work closely with key functions across CISO and CIO, including our Core Technology and Operations, Cloud Centre of Excellence (CCoE) teams, DevOps and our Attack Surface Management, SOC/Incident response, Threat Intelligence and Security Engineering teams. The role will be accountable for ensuring that security controls and platforms are secured and protected in line with policy and standards. Ensuring measures are in place are that are ensuring compliance and delivery of security over these platforms.

As part of the Cyber Engineering and Operations team within Intact Insurance UK, you will be experienced in managing services and enabling delivery with experience across a broad range of domains:

1. Excellent knowledge of securing It Security Engineering and operations in a variety of environments including physical and cloud;
2. Experience in working across a range of internal and external third-party delivery teams;
3. Solid understanding of SDLC, including Agile methodologies.
4. Act as conduit between CIO and CISO, with responsibility to ensure designs are compliant with security standards, policies and strategy.

Jobholders are typically responsible for?

1. Ensure privilege is secure and controlled.
2. Ensure full coverage of privileged controls across both physical and cloud environments
3. Working directly with internal and third-party providers to ensure new solutions meet security standards and are covered by required controls
4. Ensure metrics for PAM are defined, maintained, and measured for accountable services and platforms.
5. Providing guidance on Privileged Access Management.

This job will typically be measured with the following KPIs

1. PAM Service coverage, reliability and effectiveness.
2. Reduction in attempts to bypass PAM controls and services
3. Major programmes and projects compliant with PAM control requirements as part of their deliverables.
4. Reduction in the volume of incidents relating to the inappropriate use of privilege on platforms and services.

Jobholder Requirements:

1. Excellent knowledge of IT Infrastructure
2. Excellent knowledge of securing privilege across hybrid environments
3. Excellent knowledge of Security principles
4. Good knowledge of security CIS principles and standards
5. Experience in managing third parties including MSSPs
6. Relevant security qualifications or experience (e.g. CISSP, CSSP, etc)
7. Excellent documentation and presentation skills

Regulatory Requirements:

1. Industry codes of practice
2. Relevant legislative and regulatory requirements including DPA/GDPR, PCI-DSS, NI52-109 and FCA guidance.

A good contributor in this role will typically be able to demonstrate

Core Skills and Knowledge

1. Influencing others Advanced
2. Building Effective Relationships Advanced
3. Making Change Happen Intermediate
4. Planning Advanced
5. Understanding IT / IS Advanced
6. Using Judgement Advanced
7. Leading People Intermediate
8. Communicating Effectively (written / verbal) Advanced
9. Presentation skills Intermediate
10. Able to report on risks and issues to less technical stakeholders.
11. Positive can-do attitude and strong attention to detail.
12. Motivated by engaging with modern cyber attacks.

Functional Skills and Knowledge

1. Infrastructure security Advanced
2. IT Risk / IT Audit / IT Controls Intermediate
3. Financial Services experience
4. Knowledge of emerging technologies

Track Record

1. Preferably 3 years of experience within Financial Services actively working with cyber security tooling
2. Experience in delivering threat intelligence services within large organisations