Vacancy Name: Information Security Manager
Vacancy No: VN212
Employment Type: Full-Time
Location: Borehamwood
About Us: Pinnacle Pet UK is a Top 5 UK Pet insurer with a clear ambition to be the leading Pet healthcare and insurance services partner in the UK.
We are part of the Pinnacle Pet Group (PPG) – a pan European fully integrated pet insurance and health services platform which was set up as a joint venture between JAB Holding Company and BNP Paribas Cardif. PPG’s ambition is to create the leading pet insurance and health services platform globally.
Over the last two years, through the success of our partnership strategy, which includes Sainsbury’s Bank, PDSA and Post Office, we’ve doubled the size of our business. We have ambitious growth plans through UK and European partnerships, and own brand and a clear vision for the development of our customer and partner proposition.
Not only do we have big ambitions for innovation, customer experience and growth, we also pride ourselves on being a great place to work. We know not everyone works best confined to the four walls of the office, which is why we embrace hybrid working. Our teams come together to collaborate in the office when needed, but we also have the space and the freedom to work from home. We believe people should have the best of both worlds to foster creativity, social connections, shared learning, autonomy and productivity. It helps support a good work-life balance, and it’s the way we want to be.
We are an equal opportunities employer, committed to eliminating discrimination in the workplace and to promoting equal opportunities for all staff. We are proud of our diversity, which is one of our core strengths. We want all of our people to thrive in an environment where bringing a different perspective is welcomed. We reflect the broad diversity of the customers we serve and we embrace an inclusive working environment.
If you want to work as part of a team, building and delivering something exceptional which will make a difference to pet owners and their pets and if you want to have fun in the process, we would love to hear from you.
As Information Security Manager, you will be working alongside the CISO to deliver the Pinnacle IT Security Framework and uphold security governance, risk, and compliance requirements. You will be managing a team of 2 staff to support you with meeting these goals. As a subject matter expert, you will support business functions by demonstrating a deep understanding of Security domains including:
* Leading security standards and frameworks: ISO27001:2022, NIST CSF, NIST SP 800-53, Zero Trust, Secure by Design, Cloud Security models.
* Vulnerability Management.
* Malware Protection.
* Third Party Security.
* Authentication Mechanisms.
* Cybersecurity Management & Governance.
* Security Incidents Management.
* Business Continuity / Crisis Management.
* Cybersecurity Integration into projects / applications.
* Asset management.
* DDoS Protection.
* Logging and detection.
* Identity and Access Management (including Privileged Account Management).
* Network Security.
Key Responsibilities
* Daily management of the Security Operations Officer and Application Security Officer roles within the security team to achieve the following objectives:
* Managing, developing, implementing, monitoring, and reporting on the Pinnacle security framework and cyber improvement plan initiatives.
* Perform IT security maturity evaluations and track Pinnacle security posture.
* The ongoing delivery and improvement of the Pinnacle Cyber Security Program, ensuring the Cyber program is in line with the objectives of PPG, IT & Cyber risks mitigation.
* Provide input to Pinnacle CISO and wider PPG Security teams and partners where applicable.
* Working with a team of SMEs across the entire security and IT landscape, you will advise on and deliver projects to meet and improve on global security compliance within the organisation.
* Identifying, analysing, and formalising cyber security risks, including reporting to relevant stakeholders.
* Identify and advise on exhaustive action plans to respond to cyber security risks, ensuring the follow-up of progress, and regularly updating the status of each cyber security risk in the corresponding logs.
* Conducting internal and external security assurance reviews against standards-based compliance requirements referring to best practice Security and Governance frameworks.
* Scheduling and co-ordinating penetration testing.
* Vulnerability Management including review and validation of scope, conducting vulnerability scans, and coordinating remediation efforts.
* Infrastructure monitoring (including Compliance).
* Security incident analysis and management.
* Managing security recommendations.
* Organize and manage the various IT Security committees.
* Preparing and managing IT Security documentation (procedures, reports, analysis).
* Conducting or participating in both internal and external audits and assessments.
* Preparing and conducting security training and awareness campaigns.
* Assisting and advising the wider business on topics related to security.
* To act to deliver good outcomes for retail customers whilst delivering a higher standard of customer care and enabling consumers to make effective decisions in their interests.
Successful Candidates Will Have
* Strong experience and understanding of security governance, risk, and compliance. This should include experience assessing, monitoring, remediating, and improving security and risk posture, aligned to leading security standards and frameworks: ISO27001:2022, NIST CSF, NIST SP 800-53, Zero Trust, Secure by Design, Cloud Security models.
* Strong cloud security expertise. This should include an ability to interact with leading cloud security tooling and configuration, as well as experience applying cloud security principles to an operational environment: Cloud security posture tracking, cloud security controls, cloud security management, cloud security architecture.
* Strong security leadership and assurance abilities. This should include experience leading and developing security teams. Experience acting as the face of security for strategic projects, business updates and assurance activities will be a key skill for this role.
* Effective stakeholder management. This role will require active engagement with critical suppliers, business partners, wider Pinnacle teams, PPG Group, managed services, and project resources. Impactful, organised, and timely communications will be required.
Person Specification
Required Skills and Work Experience
Essential
* Prioritisation and time management skills.
* Effective communication and documentation skills.
* Experience with internal / external Security and Governance audits.
* Experience with the latest information security threats & vulnerabilities and appropriate countermeasures.
* Experience with attack monitoring and Intrusion Prevention (IDS/IPS), SIEM, Anti-Virus, WAF, Firewalls, Identity and Access Management (IAM), patch management, and encryption.
* Experience with, and in-depth understanding of security vulnerability tools, techniques, and standards used to conduct penetration testing.
* An understanding of best practices for Incident handling, security investigation processes and techniques.
* Exceptional interpersonal, stakeholder engagement and influencing skills.
* Detailed security governance, risk, and compliance skills, including supplier and third-party assurance.
* Strong cloud security expertise.
* Strong security standards and frameworks expertise.
Desirable
* An understanding of designing and implementing security management systems.
* Knowledge of regulations and frameworks related to Privacy.
* Experience in Risk Management.
* A background of working on security awareness campaigns.
Required Qualifications
Essential
* Security related degree or relevant industry qualifications such as: CISSP, CISA, CISM, CEH and OSCP, CIS20, or equivalent.
* Experience working in an equivalent security related role.
* Evidenceable understanding of NIST CSF, ISO27001:2022 and security GRC best practice.
* Evidenceable understanding of cloud security principles and controls.
Desirable
* Technical cloud security configuration, optimisation skills and qualification.
* Deep Risk Management experience and qualification.
* ISO27001:2022 Lead Auditor and Lead Implementer.
* Microsoft Azure and E5 Security Suite Technical Certifications.