Job Type:
Permanent
Build a brilliant future with Hiscox
Position: Cyber Risk Analyst
Reporting to: Head of Cyber Assurance
Location: York
Type: Permanent
Band: I
Company description
Hiscox is a diversified international insurance group with a powerful brand, strong balance sheet and plenty of room to grow. Listed on the London Stock Exchange and headquartered in Bermuda (with the bulk of group leadership sitting in London), Hiscox has over 3,000 staff across 14 countries and 34 offices. Structured by geography and product, Hiscox's long-held business strategy has helped them grow from a niche Lloyd's underwriter to an international insurance group with a powerful and trusted consumer brand.
The Role
The Cyber Risk Analyst is primarily responsible for identifying and analysing the risks associated with cyber threats to our business. You will need to be familiar with cybersecurity risk management frameworks, and have a good grasp of industry-recognised security standards such as ISO27001 and NIST CSF. You will also work closely with various stakeholders across our business to gather and analyse data on our Key Risk Indicators (KRIs), track risks throughout the management lifecycle and escalate issues when needed. You will need to be able to populate risk management plans, recommend risk management options and identify trends in our risk assessment data. You will need to promote a culture of risk management and best practice security standards, and your expert advice will help our risk owners to make informed decisions. You will also support control testing, supply chain risk management and compliance audits against internal policies and standards. You will support other members of your team with the development and maintenance of our security policy framework, and assist with the delivery of security awareness training. The role works in our Office of the CISO and reports to our Head of Cyber Assurance. The role is a permanent position, and will be based in York (UK).
Key Responsibilities
1. Identify and analyse cybersecurity risks to our business using quantitative and qualitative methods.
2. Perform risk assessments, control tests and compliance audits in support of our assurance activities.
3. Ensure that security risks are being accurately identified and managed within acceptable levels throughout their entire lifecycle.
4. Develop risk management plans and implement measures to reduce risks where required.
5. Perform third-party security risk assessments.
6. Gather risk management data to track and manage changes in our KRIs.
7. Support the delivery of all regulatory compliance, risk and board reporting.
8. Provide cybersecurity risk consulting to delivery programmes and projects.
9. Advise on implementation of security policies and standards, and how to maintain compliance.
10. Communicate and report on security risks, issues and initiatives to our stakeholders.
11. Support the continuous improvement lifecycle of our security policies and standards.
12. Support the delivery of our corporate security awareness programme and associated initiatives.
Candidate Profile
1. 1 to 3 years' experience in a cybersecurity risk analyst role.
2. Good knowledge of security frameworks, standards, and best practices (e.g., NIST, ISO, CIS, etc.).
3. Working knowledge of risk management principles and practices for cybersecurity.
4. Working knowledge of security technologies, tools, and methodologies (e.g., firewalls, encryption, penetration testing, etc.).
5. Familiarity with financial services (preferably insurance) security standards and regulatory requirements.
6. Good analytical and problem-solving skills.
7. Good communication and stakeholder management skills.
8. BSc or MSc in Cybersecurity, Computer Science or Risk Management is desirable.
9. Industry-recognised qualifications such as CISA and CRISC are desirable.
Diversity & Benefits
At Hiscox we care about our people. We hire the best people for the job and we're committed to diversity and creating a truly inclusive culture, which we believe drives success. Working life doesn't always have to be in the office, so we have introduced hybrid working to encourage a healthy work-life balance. This hybrid working model is set by the team rather than the business to enable you to manage your own personal work-life balance. We see it as the best of both worlds: structure and sociability on one hand, and independence and flexibility on the other. Our benefits package includes a bonus, contributory pension, 25 days annual leave plus 2 Hiscox days and a 4-week paid sabbatical with every 5 years' worth of service, private medical for all the family and much more.
Work with amazing people and be part of a unique culture.