We’re First Central Insurance & Technology Group (First Central for short), an award-winning innovative insurance and technology organisation, delivering market-leading motor insurance, underwriting, distribution, finance, technology and legal services.
Are you looking for a new career with a fast-growing, dynamic company? Well, look no further! We need an Information Security Manager to join our Technology and Data team in either Salford Quays, Manchester, Haywards Heath, West Sussex, or our offices in Guernsey.
Want to work at a business that understands Information Security is a key business risk? You’ve come to the right place!
We are expanding our Information Security team to help us deliver the InfoSec strategy and vision and to ensure that our assets and data have the level of protection they deserve. You will become part of a dynamic and flexible team that has set some ambitious goals and is looking for an Information Security Manager to join us in our quest for glory. Wondering what the job entails? Well, you’ll be expected to work across multiple workstreams: certifications, assurance reviews, risk management, identifying emerging threats, collaborating with our Technology team and supporting new architectural development, all the way to improving Information Security awareness and getting your hands dirty with technical reviews. You will not be bored, guaranteed. There are enough opportunities and challenges to keep you growing for years to come.
We are also very supportive of flexible working – our focus is on outcomes and delivering on promises.
To be successful in this role, you’ll need:
- Detailed knowledge of Information Security frameworks and standards such as ISO27001, PCI-DSS and Cyber Essentials +.
- Experience in managing Information Security in an Agile Change environment.
- Excellent communication, interpersonal and stakeholder management skills.
- A willingness to learn and develop new Information Security and soft skills.
- Self-motivation and enthusiasm, with the desire to meet or exceed targets.
As part of the Information Security second line of defence team, and working with stakeholders across the business, deliver our Information Security services (such as consultancy, assurance reviews and risk management) and provide governance and oversight across the business to effectively manage Information Security and Cyber risk.
- Play a key part in the implementation and maintenance of established control frameworks such as ISO27001 and PCI-DSS and other relevant security frameworks, including the creation of policies, standards and other documentation.
- Act as an Information Security consultant to the rest of the business and represent Information Security in key forums, e.g. Project teams, Technical Design Authority, Agile Scrum teams, etc.
- Undertake assurance reviews and assessments, including 3rd Parties, new technical solutions and processes and produce relevant recommendations and reporting.
- Understand the business and information risk context, and proactively work with teams to develop architectures and countermeasures which mitigate risks to an acceptable level.
- Perform information security risk assessments for change, processes and new solutions, etc., producing recommendations and reporting. Contribute to the running of the Information Security risk processes.
- Ongoing identification of emerging security threats through regular engagement with control and risk owners, coupled with external security trends, horizon scanning and analysis.
- Assist in developing the Information & Cyber Security maturity across the business.
- Contribute to and deliver appropriate security awareness activities and promote good security practice in order to improve Security culture across the business.
- Promote the benefits of a robust and secure IT environment ensuring a pragmatic approach to deliver solutions within short timeframes.
- Be available as part of the Information Security Incident response team when required.
- Produce other metrics and reporting as required.
- Comply with the requirements, and act in accordance with, the Group Code of Conduct and Fitness and Propriety policies at all times.
- Ensure compliance with Company Policies, Values and guidelines and other relevant standards/ regulations at all times.
- Any other reasonable duties as required.
Experience & knowledge
- Extensive Information & Cyber Security experience.
- Detailed knowledge of Information Security frameworks and standards, in particular PCI-DSS, ISO27001 and Cyber Essentials +.
- Experience of managing Information Security in an Agile Change Environment is an advantage.
- Proven track record of undertaking control assurance reviews against best practice standards and identifying gaps.
Skills and Qualifications
- Suitable qualifications, e.g. CRISC, CISM.
- Excellent communication and interpersonal skills, both verbal and written.
- Excellent stakeholder management skills.
- Excellent analytical skills.
- Excellent organisational skills.
- Able to demonstrate 2nd Line of Defence thinking and behaviours.
- Willingness to continually develop and learn new Information Security and soft skills.
- Self-motivated and enthusiastic with the desire to meet or exceed targets.
- An organised and pro-active approach to Information Security.
- A flexible approach and positive attitude.
- Emphasis on attention to detail and accuracy.
- Strives to drive business improvements to contribute to the success of the business.
What can we do for you?
We believe we can offer you a great working environment as we’re so passionate about our people. Here are just some of the benefits and perks that we offer…
- Fantastic training and development opportunities
- Employee benefit packages to suit your lifestyle
- Flexible working
- YOUday – we give you an extra day off to celebrate a special day
- The opportunity to take a paid day off each year to do charity work
- A health cash plan
- Help with travel expenses
- The opportunity to buy additional holiday
- Company pension scheme
- Group life assurance
- Enhanced maternity and paternity pay
- Professional subscription fees paid
Employee wellbeing is high on the agenda here too. We provide a weekly free fruit delivery, discounted membership at a local health club and access to an Employee Assistance Programme, which promotes physical and emotional wellbeing at work and at home. In addition, we provide wellbeing events throughout the year to support physical and mental health.
For further information on what we can offer and to learn more about this role, feel free to contact our dedicated Recruitment team.