Secure information management will drive business value for Lloyd's of London and its customers by delivering effective and efficient services that embrace innovation for competitive advantage, whilst we seek to standardise global solutions and integrate platforms that afford enhanced protection to the highest value assets.
As the Lloyd's corporation relies more on Digital ways of working, the information security boundaries blur and the threat landscape expands.
This specialist role within the Chief Information Security Office has an integral part to play in contributing to Lloyd's Strategy and Future of Lloyd's and will contribute to Lloyd's becoming a brand that is globally admired, recognised and respected for its reputation as the world's specialist centre for (re)insurance.
Lloyd's will be known around the world for its integrity and will be a place where talented, diverse and socially responsible employees feel proud to work.
This role will practice and promote the principles of inclusiveness and respect the value of diversity.
The Information Security Specialist provides oversight and assurance across the Information Security Framework, to help Lloyd's risk owners to improve their security controls and governance.
This includes ensuring proper governance, risk management and compliance management of all information security processes that support business operations.
What Will You Do?
The role will be expected to deliver on the following:
Support the Information Security Management System including maintenance of the current NIST controls framework and strategic expansion across the corporation.
Support the management of information security governance for the corporation, ensuring adherence to group policies and standards.
In collaboration with the CISO, ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
Work closely with the Group Technology team; assist the CISO in providing oversight and challenge to the Information Security team.
In collaboration with the Second Line of Defence, ensure that risk management principles are upheld to drive down information risk.
Assist with updating the Third-Party Risk management framework including policy, procedures, due diligence questionnaires and the monitoring of third parties' adherence to information security and data privacy obligations.
Assist with the client management aspects of the Information Security team, including client and potential client questionnaires; help design a more effective process including a self-service process and a library of standard responses.
Develop relevant dashboards / metrics, analyse data, identify trends and help drive improvements to the control environment.
Assist the CISO in Governance, Risk and Compliance (GRC) and general information security issues as required, including interaction with the Information Security team, Technology teams and business leaders.
Assist in formulating, and monitoring the application of, system security policies, embedding information security best practice in business operations, assessing / auditing third party security, managing breaches of security and ensuring that the department complies with relevant legislation and standards.
Skills & Knowledge
The job-holder will be required to have a high level of skill relating to Information Security, including:
Expert knowledge in threat and vulnerability management
Knowledge of the current and emerging threat landscapes
Ability to design and test solutions which maintain the confidentiality, availability, integrity and compliance of Lloyd's data, or data entrusted to the corporation.
Investigative, architectural and analytical experience
Team-working & influencing skills to ensure that security is effectively implemented
Good understanding of Cyber Security and aspects of Information Security
Ability to take the lead, operate under own initiative and deliver quality solutions
Identify & progress security initiatives, optimise & propose improvements to the control set (process, people and technology)
A focus on delivery will be key along with great attention to detail and the ability to prioritise tasks according to business priorities
Ability to manage own performance, complete tasks reliably and act effectively addressing business issues
The ability to work well within a team but also as an individual as required
Excellent documentation and presentation skills are a must
Ability to take ownership for incidents and maintain integrity when dealing with incidents.
Should have a minimum of 5 years' experience in an information security function, with at least 3 years focused on Information Security Governance, Risk and Compliance.
More specifically: security risk assessments, threat modelling, cyber security incident management, education and awareness.
Experience of working with experienced technical subject matter experts, often with different motivations
Working experience dealing with significant incidents and reducing the threat landscape.