We’re First Central Insurance & Technology Group (First Central for short), an innovative, market-leading insurance company. We protect the things customers love so they can get on with what matters to them in life.
Data drives us. It fuels our outstanding distribution, finance, technology and legal services. Our underwriting skills are built on data expertise; it creates the insights we need to give the right cover to the right customers at the right price. But it’s the people inside and outside our business that power us. They make us stand out and help us succeed. We’re ambitious. We’re growing. We’ve won awards.
Are you ready to embark on an exciting new career adventure? If you’ve a strong Cyber background and are looking for a new challenge, we’re on the hunt for a Technical Information Security Manager who’ll work as part of our Information Security governance and oversight team.
This technically focused role includes delivering our Information Security services (such as consultancy, assurance reviews and risk management) and providing governance and oversight across the business to effectively manage Information Security and Cyber risk.
We're big on working flexibly: you'll spend most of your time working from home, with the occasional visit to the office, but of course, it’s your choice. If you prefer to be in the office more, that's good with us too. We've offices located in Haywards Heath (West Sussex), Salford Quays (Manchester) and Guernsey; it’s your choice. Or maybe you live further afield: we’re happy to accept applications for remote workers!
Core skills we’re looking for to succeed in the role:
- Technical Expertise: To succeed in this role, you’ll possess a strong understanding and background in cyber and IT technologies and controls, as well as how they are designed and operate in order to manage and reduce risk. You’ll have experience in Microsoft security technologies, including endpoint and Azure.
- Risk and Governance: You’ll possess the ability to take high level frameworks and security standards and translate them into more detailed control requirements. You’ll act as a partner to the business and provide oversight, assurance and governance to ensure controls are effectively implemented.
- Security Frameworks: You’ll have an understanding of security frameworks such as ISO27001 and PCI-DSS.
- Strong communication and interpersonal skills: You’ll have the ability to communicate effectively to colleagues at all levels, both verbally and in writing and will be able to translate complex technical information to non-technical audiences and build strong relationships with key stakeholders.
Keeping us on the right track. Together
What’s involved:
- You’ll play a key part in the implementation and maintenance of established control frameworks such as ISO27001 and PCI-DSS and other relevant security frameworks, including the creation of policies, standards and other documentation.
- You’ll lead the governance, oversight and assurance on technical security controls and technical design on both new and existing solutions in FCG’s network and application portfolio.
- You’ll act as an Information Security consultant to the rest of the business and represent Information Security in key forums, e.g. Project teams, Technical Design Authority, Agile Scrum teams, to ensure that technical security standards are met and adhered to.
- You’ll work with stakeholders to ensure that technical security patterns, standards and sub-standards are developed and maintained.
- You’ll lead and further develop and mature our extensive Pen testing & other testing programmes.
- You’ll undertake assurance reviews and assessments, including 3rd Parties, new technical solutions and processes and produce relevant recommendations and reporting.
- You’ll understand the business and information risk context, proactively work with teams to develop architectures and countermeasures which mitigate risks to an acceptable level.
- You’ll perform information security risk assessments for change, processes and new solutions, etc, producing recommendations and reporting. Contribute to the running of the Information Security risk processes.
- Ongoing identification of emerging security threats through regular engagement with control and risk owners, coupled with external security trends, horizon scanning and analysis.
- You’ll assist in developing the Information & Cyber Security maturity across the business.
- You’ll contribute to and deliver appropriate security awareness activities and promote good security practice in order to improve Security culture across the business.
- You’ll promote the benefits of a robust and secure IT environment ensuring a pragmatic approach to deliver solutions within short timeframes.
- You’ll be available as part of the Information Security Incident response team when required.
- You’ll produce other metrics and reporting as required.
- You’ll ensure compliance with company and other relevant standards/regulations at all times.
Experience & knowledge
- Extensive Information & IT Cyber Security experience.
- Experience of maturing extensive Pen test & other testing programmes.
- Proficiency in technical security controls and frameworks, including experience and proficiency in cloud security.
- Experience and expertise in Azure environment security, vulnerability management and associated processes.
- Detailed knowledge of Information Security frameworks and standards, in particular PCI-DSS, ISO27001 and other cyber frameworks.
- Experience of managing Information Security in an Agile Change Environment.
- Proven track record of undertaking control assurance reviews against best practice standards and identifying gaps.
Skills and Qualifications
- Suitable qualifications, e.g. CRISC, CISM, CISSP
- Excellent communication and interpersonal skills, both verbal and written.
- Excellent stakeholder management skills.
- Excellent analytical skills.
- Excellent organisational skills.
Behaviours
- Able to demonstrate governance and oversight thinking and behaviours.
- Willingness to continually develop and learn new Information Security and soft skills.
- Self-motivated and enthusiastic with the desire to meet or exceed targets.
- An organised and pro-active approach to Information Security.
- A flexible approach and positive attitude.
- Emphasis on attention to detail and accuracy.
- Strives to drive business improvements to contribute to the success of the business.
This is just the start. Imagine where you could end up! The journey’s yours.
What can we do for you?
People first. Always. We’re passionate about our colleagues and know the best people deserve an extraordinary working environment. We owe it to them so that’s what we offer. Our workplaces are energetic, inspirational, supportive. To get a taste of the advantages you’ll enjoy, take a look at all our perks in full here.
Intrigued? Our Talent team can tell you everything you need to know about what we want and what we’re offering, so feel free to get in touch.