Reporting to: Delivery Team Leader (Cyber Fusion Centre)
Location: York (UK) or Lisbon (Portugal)
Type: Permanent
Band: II
Company Description:
Hiscox is a diversified international insurance group with a powerful brand, strong balance sheet and plenty of room to grow. Listed on the London Stock Exchange and headquartered in Bermuda, Hiscox has over 3,000 staff across 14 countries and 34 offices.
Structured by geography and product, Hiscox’s long-held business strategy has helped them grow from a niche Lloyd’s underwriter to an international insurance group with a powerful and trusted consumer brand. For the financial year 2023, GWP grew to $4,598m with net premiums earned of $3,555m, returning a record pre-tax profit of £625.9M. Our corporate values are crucial to our success:
1. Courage; dare to take a risk
2. Human; clear, fair, and inclusive
3. Ownership; passionate, commercial, and accountable
4. Integrity; do the right thing, however hard
5. Connected; together, build something better
The Role:
The Cyber Security Architect works in our Cyber Fusion Centre, responsible for ensuring the safety and security of our business assets and interests. You will design, build, and implement security solutions to protect us against sophisticated cyber threats. You will translate business needs into security requirements, ensuring systems and data are protected from unauthorized access and potential breaches.
You will work closely with our Red and Blue Teams to identify vulnerabilities and control gaps, turning these into a pipeline of continuous improvement for our cyber defenses. You will collaborate with Cyber Security Engineers to design, build, implement, and maintain the security controls needed to manage our cyber risks within agreed appetites. You will also engage with project delivery teams across our business, providing expert security advice and guidance in support of their objectives. Experience with various architecture and delivery methods and a strong technical background in a high-paced operational environment are essential.
Key Responsibilities:
1. Gather, analyze, and prioritize requirements for security architecture and systems design.
2. Develop and maintain a robust roadmap of security controls based on agreed objectives and priorities.
3. Evaluate current security measures, analyze vulnerabilities and control gaps, and recommend improvements to mitigate risks.
4. Perform technical risk and control assessments in support of the overall risk management lifecycle.
5. Design and implement operational security capabilities, measuring the effectiveness of controls over their lifecycle.
6. Support the development and maintenance of technical security policies, standards, and processes.
7. Research emerging cyber security trends, threats, and technologies to improve our security posture.
8. Define and govern delivery pipelines and plans to ensure timely and budget-compliant controls.
9. Maintain documentation relating to security systems design, including traceability to requirements and control assurance evidence.
10. Ensure compliance with all relevant statutory and regulatory security commitments.
11. Support the incident response lifecycle with design and implementation measures to contain breach impacts and prevent future incidents.
12. Deliver education and training initiatives to raise cybersecurity awareness, fostering a secure by-design culture.
Candidate Profile:
1. 5+ years experience in a security architecture or security operations role.
2. Excellent knowledge of capability-oriented security architecture and design.
3. Excellent knowledge of Agile delivery methods, including DevSecOps models.
4. Excellent knowledge of requirements analysis and systems engineering.
5. Excellent analytical skills with the ability to work independently.
6. Proven experience in governing and delivering security projects.
7. Comprehensive knowledge of the latest tactics, techniques, and procedures for mitigation.
8. Comprehensive knowledge of commonly used security technologies.
9. Good presentation and technical design writing skills.
10. BSc or MSc in Cybersecurity is desirable.
11. Cybersecurity architecture qualifications from bodies such as SANS, CREST, and ISC2 are desirable.
12. Industry-recognized vendor certifications in security technologies are desirable.
Diversity & Benefits:
At Hiscox, we care about our people. We hire the best people for the job and are committed to diversity and creating an inclusive culture, which drives success. Our hybrid working model encourages a healthy work-life balance. Our benefits package includes a bonus, contributory pension, 25 days annual leave plus 2 Hiscox days, a 4-week paid sabbatical every 5 years, private medical for all the family, and more.
Work with amazing people and be part of a unique culture.
If you want to help build a brilliant future; work with amazing people; be part of a unique company culture; and enjoy great employee benefits that care for your mental and physical wellbeing, come and join us.
Get in touch:
If this is your first time visiting our career site and you wish to stay in touch, please select the 'Introduce yourself' button on the top right. This will allow us to contact you with suitable vacancies. If you are a returning prospect and wish to view our current vacancies, please search for jobs using the link on the top right.
About us:
We’re a global, specialist insurer headquartered in Bermuda and listed on the London Stock Exchange. With 3,000 employees and 32 offices in 12 countries, we offer many opportunities for talented individuals. If you want to build a great career with a company that prioritizes strong values – such as integrity and courage – where our people always pull together to do the right thing for each other and our customers, then we’d love to hear from you.
#J-18808-Ljbffr