This role will be supporting the Life & Annuity business in the US. The incumbent will be proficient in all aspects of Information Security. The Senior Analyst’s primary purpose is to lead efforts pertaining to compliance with company policy including security risk assessments (identify risk and design solutions to remediate), penetration testing, security awareness, and privacy/DLP initiatives.
Responsibilities also include reviewing and assisting staff level analysts with risk analysis and evaluating and implementing new data security technologies. The function is responsible for ensuring an effective balance between the cost of security controls and the value of the information being protected. This job exists to ensure security risks are identified and mitigated based on Aviva’s risk appetite and accepted standards.
Provide leadership to a team of senior and staff level analysts.
Be the technical lead on information security related projects related to DLP/protection of confidential data.
Develop and implement information security policies and procedures and actively contribute to the strategic planning process in this area.
Work with management to improve the risk assessment process related to projects, external service providers, suppliers, etc.
Work with internal audit and outside consultants as appropriate for independent security audits.
Provide the expertise to the market as it pertains to business protection topics: information security, and champion best practices related to these items as appropriate for each function and discipline.
Participate in IT and Business Unit projects to ensure security policies and standards are adhered to. Conducting or overseeing technical RAs within the BU for new projects or major changes to existing technology and ensuring sign-off of all identified risks.
Tracking IS risks and issues and assisting with the implementation of action plans that ensure timely remediation of the risks/issues. Escalating excessive BU IS risks in accordance with the Group and BU risk management frameworks.
Address daily requests from IT and Business Units on security related matters and take ownership of incidents where applicable and provide summaries and reports to the Information Security Manager.
Develop and disseminate security training and awareness interventions to the market
Development, interpretation and implementation of security policies and procedures
Experience performing software development and maintenance, as well as infrastructure-related information risk assessments, which would include assessing information security risks covering confidentiality, integrity and availability.
Knowledge needed for this activity: SDLC phase knowledge (requirements gathering, coding and unit testing, other testing methodologies, code versioning, elevation and deployment), network, server, database technologies and processes (hardening, patching, configuration management, logging and monitoring, vulnerability management), Application and system architecture, Backup and recovery technologies, Problem and incident management, Business Continuity/Disaster Recovery, Project Management, Identity and Access Management (authentication mechanisms)
Experience leading and managing audits, risk assessment, planning, audit execution and issue/report writing
Proven effective leadership competencies including team player, good communication skills, change agent, strategic thinker, good interpersonal and relationship skills, and ability to work with minimum supervision.
An understanding of risk management as it applies to security, information technology, and general business environment
PCI/SOX/HIPAA knowledge
EXPERIENCE:
University degree (4 year Bachelor’s)
Hold or work towards industry recognized certification (CISA, CISM, CISSP)
Insurance industry specific background would be an asset
Experience in financial services and/or security sector
Experience of security architecture design and implementation, wireless security, network security, system monitoring, vulnerability detection and remediation, DLP, and Windows/Unix/Linux security knowledge an asset.
Experience in web application security including secure application development (security in SDLC phases) and architecture an asset.
Experience with implementing industry security frameworks including ISO17799/27001, CoBit and Sarbanes Oxley an asset.
The candidate will have at least 5 years’ experience in information security.
Experience with policy compliance tools and control processes.
Aviva is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, marital status, sexual orientation, or veteran status or any other status protected by federal, state or local law.
Aviva - 20 months ago