The Information & Cyber Security Manager will support the Head of Cyber & Data Security / Data Protection Officer in executing the organisation's cybersecurity and data protection strategies. This role involves managing day-to-day cybersecurity operations, implementing security measures, and ensuring the protection of information assets. The incumbent will play a critical role in detecting, responding to, and mitigating security threats and is responsible for protecting SBG from cyber threats. They will execute SBG’s Cyber Security strategy to ensure the organisation's security posture keeps pace with ever-changing cyber threats, overseeing the day-to-day operations of the Cyber Security Team to ensure SBG’s Cyber Security controls are operating effectively.
Responsibilities
• Oversight of the Security Operations Center (SOC) to ensure continuous monitoring and detection of security incidents.
• Oversight of security technology, including firewalls, intrusion detection and encryption.
• Execute SBG’s Cyber Security strategy to ensure SBG’s Cyber Security controls are matured and adequately designed to meet present and future cyber threats.
• Build an SBG culture of ‘zero trust’, to ensure SBG’s systems are always built with security in mind.
• Develop and enforce SBG’s Cyber Security policies, processes, procedures and standards
• Prioritise the backlog of Cyber Security change required to mature SBG’s security posture.
• Promote a culture of security awareness and be the authority point for SBG’s ‘Security Fundamentals’, which should be adhered to for all IT change.
• Develop and deliver cybersecurity awareness programs and training sessions for employees.
• Conduct regular vulnerability assessments and penetration testing. Coordinate with IT teams to remediate identified vulnerabilities in a timely manner. Track and report on the status of vulnerabilities and remediation efforts.
• Horizon scan for future Cyber Threats and create roadmaps for their mitigation.
• Supplier owner of SBG’s Cyber Security system suppliers
• Lead Cyber Security testing of SBG’s IT Estate
• Assist in identifying, assessing, and prioritising cybersecurity risks. Implement risk mitigation strategies and track the effectiveness of security measures by conducting regular security risk assessments and audits.
• Attend Cyber Security forums with IT and customers
• Promote good Cyber Security practices with our customers.
• Member of the Aviva Security Risk Forum
• Provide continual service improvement of all SBG’s Cyber Security systems.
• Issue phishing scenario tests to our colleagues to provide information security culture insights at SBG
• Provide independent advice and oversight of the first line IT department’s procedures and system changes.
• Provide support and guidance in relation to information security matters.
• Provide Information security requirements and guidance on any SBG projects and initiatives.
• Monitor legal and regulatory developments in Information Security and report relevant developments to the business.
• Develop and implement procedures to maintain security and protect systems from unauthorised use and acts of abuse.
• Lead and manage a team of information security analysts based off-shore in India.
• Undertake ad hoc projects and duties as and when required, to support the needs of the business or to achieve departmental objectives.
Critical skills required
• Good communicator at all levels, customer, team, executive, board
• The ability to build a culture of ‘zero trust’ within the team and our customers.
• Strong stakeholder management & collaborating skills to build and maintain effective working relationships with stakeholders in different disciplines, geographies and our parent company, Aviva.
• Data collection and analytics, interpretation, and presentation.
• Able to communicate complex technical information clearly, both verbally and in writing
• Ability to manage a high performing team.
• Perform multiple tasks concurrently and respond to emergency situations effectively.
Critical knowledge required
• Good understanding of Cybersecurity standards and frameworks, e.g.: ISO 27001 and 27002, NIST, CIS, OSA, OWASP, SANS, COBIT
• Good understanding of computing technologies and how to interpret them.
• Understanding of Microsoft Azure and its technologies
Critical behaviours required
Competency | Level
Communication | B
Technical | B
Managing & leading yourself & others | B
Developing yourself & others | B
Service excellence | B
Commercially focused | B
Embracing Change | B
Teamwork | B
Personal profile
Qualifications required
Essential
• At least one Professional qualification in Cyber Security i.e., CISSP, CISM
Desirable
• CISSP
• CISM
• CySA+
• CEH
• CCSP
Experience required
Essential
• Ability to write and enforce Policies, Processes & Procedures
• Experience of working with cloud technologies
Desirable
• Previous experience of working at a technical level with cloud technologies
Our Expectations
Our Approach to Risk Management
• You will require an awareness of operational and regulatory risk, which may impact on SBG. You will be responsible for reporting to your line manager any risk which may impact on the business.
Three Lines of Defence Risk Management Model
• You will be required to deliver your role competently and comply with the relevant standards and procedures, ensuring that SBG deliver a service where suitable advice is given to the end consumer, which is adequately recorded and ultimately promotes good customer outcomes. This can either be through direct influence or in a support services capacity.
The Consumer Duty Principle
• You will be required to highlight to your line manager procedures and processes that may impact on SBG’s ability to deliver good outcomes for retail customers and/or may lead to foreseeable harm. Where possible and relevant to your department, put forward suggestions that could positively impact the outcomes achieved by retail customers.
• You will be required to ensure that the Consumer Duty principle is embedded into the team’s culture, departmental procedures and practices and that management controls and MI are in place to monitor performance against the Consumer Duty principle, where these are required by the business.
Information Security
• You will need to be aware of all information security principles, policies and procedures and ensure these are followed on a day-to-day basis. You will be required to remain vigilant at all times and report any security concerns, suspicions and/or breaches in a timely manner.
• You are required to promote information security in your department, encouraging best practice by ensuring your staff comply with the information security principles, policies and procedures. You will need to monitor workplace practice in line with these policies and procedures and deal firmly with any instances of non-compliance.
SBG’s 6 Star Service Delivery
• You will need to demonstrate an understanding of what 6-star service delivery means in your role. This will be evidenced through your day-to-day behaviours and performance measured against your team’s 6-star service objectives.
• You will need to achieve 6-star service delivery through embedding the 6-star service objectives into the team culture. You will be required to encourage and exhibit the behaviours that fit within the SBG service charters, leading the team to ensure a clear vision of what 6-star service means for the team, ensuring that service is at the forefront of decision-making processes.
As an SBG People Manager you will be accountable to:
• Set clear personal objectives that are SMART and challenging, review objectives and provide feedback regularly in one to ones and formally through the Performance Evaluation Process (appraisal), within the set timescales.
• Manage performance across the team to ensure the achievement of service delivery outcomes.
• Manage any sensitive issues in line with SBG Policies and procedures, including attendance and performance issues.
• Coach and develop your team to ensure they perform at a high level, strive for excellence and maintain appropriate knowledge of the Group’s propositions in line with the SBG values and competency framework.
• Address any training and development needs, ensuring direct reports have a personal development plan.
• Motivate and reward the team to encourage behaviours within the department, which supports the values of SBG.
• Be committed to group corporate citizenship in line with SBG’s CSR policy. Promote and advocate social interaction and encourage support within own department for nominated charities and corporate activities within the community.