The Information & Cyber Security Manager will support the Head of Cyber & Data Security / Data Protection Officer in executing the organisation's cybersecurity and data protection strategies. This role involves managing day-to-day cybersecurity operations, implementing security measures, and ensuring the protection of information assets. The incumbent will play a critical role in detecting, responding to, and mitigating security threats and is responsible for protecting SBG from cyber threats. They will execute SBG’s Cyber Security strategy to ensure the organisation's security posture keeps pace with ever-changing cyber threats, overseeing the day-to-day operations of the Cyber Security Team to ensure SBG’s Cyber Security controls are operating effectively.
Responsibilities
• Oversight of the Security Operations Center (SOC) to ensure continuous monitoring and detection of security incidents.
• Oversight of security technology, including firewalls, intrusion detection and encryption.
• Execute SBG’s Cyber Security strategy to ensure SBG’s Cyber Security controls are matured and adequately designed to meet present and future cyber threats.
• Build a SBG culture of ‘zero trust’, to ensure SBG’s systems are always built with security in mind.
• Develop and enforce SBG’s Cyber Security policies, processes, procedures and standards
• Prioritise the backlog of Cyber Security change required to mature SBG’s security posture.
• Promote a culture of security awareness and be the authority point for SBG’s ‘Security Fundamentals’, which should be adhered to for all IT change.
• Develop and deliver cybersecurity awareness programs and training sessions for employees.
• Conduct regular vulnerability assessments and penetration testing. Coordinate with IT teams to remediate identified vulnerabilities in a timely manner. Track and report on the status of vulnerabilities and remediation efforts.
• Horizon scan for future Cyber Threats and create roadmaps for their mitigation.
• Supplier owner of SBG’s Cyber Security system suppliers
• Lead Cyber Security testing of SBG’s IT Estate
• Assist in identifying, assessing, and prioritising cybersecurity risks. Implement risk mitigation strategies and track the effectiveness of security measures by conducting regular security risk assessments and audits.
• Attend Cyber Security forums with IT and customers
• Promote good Cyber Security practices with our customers.
• Member of the Aviva Security Risk Forum
• Provide continual service improvement of all SBG’s Cyber Security systems.
• Issue phishing scenario tests to our colleagues to provide information security culture insights at SBG
• Provide independent advice and oversight of the first line IT department’s procedures and system changes.
• Provide support and guidance in relation to information security matters.
• Provide Information security requirements and guidance on any SBG projects and initiatives.
• Monitor legal and regulatory developments in Information Security and report relevant developments to the business.
• Develop and implement procedures to maintain security and protect systems from unauthorised use and acts of abuse.
• Undertake ad hoc projects and duties as and when required, to support the needs of the business or to achieve departmental objectives.
Critical skills required
• Good communicator at all levels, customer, team, executive, board
• The ability to build a culture of ‘zero trust’ within the team and our customers.
• Strong stakeholder management & collaborating skills to build and maintain effective working relationships with stakeholders in different disciplines, geographies and our parent company, Aviva.
• Data collection and analytics, interpretation, and presentation.
• Able to communicate complex technical information clearly, both verbally and in writing
• Perform multiple tasks concurrently and respond to emergency situations effectively.
Critical knowledge required
• Good understanding of Cybersecurity standards and frameworks, e.g.: ISO 27001 and 27002, NIST, CIS, OSA, OWASP, SANS, COBIT
• Good understanding of computing technologies and how to interpret them.
• Understanding of Microsoft Azure and its technologies
Critical behaviours required
Competency | Level
Communication | B
Technical | B
Managing & leading yourself & others | B
Developing yourself & others | B
Service excellence | B
Commercially focused | B
Embracing Change | B
Teamwork | B
Personal profile
Qualifications required
Essential
• At least one Professional qualification in Cyber Security i.e., CISSP, CISM
Desirable
• CISSP
• CISM
• CySA+
• CEH
• CCSP
Experience required
Essential
• Ability to write and enforce Policies, Processes & Procedures
• Experience of working with cloud technologies
Desirable
• Previous experience of working at a technical level with cloud technologies
Our Expectations
Our Approach to Risk Management
• You will require an awareness of operational and regulatory risk, which may impact on SBG. You will be responsible for reporting to your line manager any risk which may impact on the business.
Three Lines of Defence Risk Management Model
• You will be required to deliver your role competently and comply with the relevant standards and procedures, ensuring that SBG deliver a service where suitable advice is given to the end consumer, which is adequately recorded and ultimately promotes good customer outcomes. This can either be through direct influence or in a support services capacity.
The Consumer Duty Principle
• You will be required to highlight to your line manager procedures and processes that may impact on SBG’s ability to deliver good outcomes for retail customers and/or may lead to foreseeable harm. Where possible and relevant to your department, put forward suggestions that could positively impact the outcomes achieved by retail customers.
Information Security
• You will need to be aware of all information security principles, policies and procedures and ensure these are followed on a day-to-day basis. You will be required to remain vigilant at all times and report any security concerns, suspicions and/or breaches in a timely manner.
SBG’s 6 Star Service Delivery
• You will need to demonstrate an understanding of what 6-star service delivery means in your role. This will be evidenced through your day-to-day behaviours and performance measured against your team’s 6-star service objectives.