Job Description
We are currently working with a Large Insurance Business looking for a Technical Information Security Expert.

The role would be to deliver information risk management and advisory services as well as being a lead technical security contact for the Security Risk and Governance team. You will with new IT and business initiatives to ensure that information risk is effectively. As well as this you will work on improving the risk assessment and treatment processes to reduce the business' cyber risk exposure to agreed and acceptable levels.
The Responsibilities:

• Ensure that information about technical vulnerabilities of information systems is readily available, the organisation's exposure to such vulnerabilities evaluated and appropriate measures taken to reduce the associated risk.
• Analyse information security risks associated with new IT and business initiatives, including potential impact and likelihood as well as identifying effective mitigating controls.
• Perform a security lead role in Agile Tribes in IT and other projects to ensure effective and appropriate information security engagement.
• Maintain a high level of technical expertise to be applied to the evaluation and selection of mitigating controls.
• Ensure that integration is in place between the risk management, operational and incident response processes, such that knowledge gained from analysing and resolving information security incidents can be used to reduce the likelihood and/or impact of future incidents.
• Risk assessment reports, threat modelling and risk treatment recommendations delivered in a timely and repeatable manner.

The Requirements:

Knowledge and experience of using at least one risk methodology.

Strong technical background, e.g. knowledge of IT controls implementation and management

Degree in a technical discipline

CRISC, CISM or CISSP

Strong experience across multiple Cloud environments.