We are currently recruiting for a Third-Party Assurance Specialist to be a part of our Third-Party Information Security Assurance Team (TPISA).
This position would be ideal if you are seeking a new and exciting opportunity to apply your skills in a challenging and fast-paced role. You will provide your subject matter expertise on all new supplier on-boarding activities including but not limited to due diligence testing, along with the completion of security assurance reviews on an agreed set of existing suppliers and acting as the single point of contact for TPISA-related information.
An information security background and experience with third-party assurance are important for the role, as you will manage and work with internal stakeholders, external consultants and Aviva suppliers to identify the key risks associated with existing suppliers. You will ensure that all existing suppliers are assessed or on-boarded with appropriate due diligence or security maturity identification, and assist with supporting activities including PMO functions and remediation.
Responsibilities in the role:
- Ability to lead information security related assessments independently
- Able to work collaboratively with teams from other disciplines within Aviva and with the suppliers
- Able to manage concurrent complex activities to short timescales
- Able to work under pressure to deliver good quality assessment reports
- Perform on-site and/or remote third-party security assessment of critical suppliers across Aviva business units that transmit, process or store Aviva related data
- Work with existing and new suppliers to confirm exit strategy, data retention and data return measures
- Own the back-office functions and activities including TPSA scheduling, PMO, reporting and remediation management for agreed supplier(s)
- Assist the team in a continuous improvement regime
- Go-to TPISA resource for a defined set of suppliers whilst working as part of a global team to provide supplier data security advice and guidance
- Be prepared to travel for assessments (includes UK & international) – between 50-60%
Skills and experience we’re looking for:
- Experience of conducting information security assessments, deep dive multi-day assessments or audits
- Ability to produce high quality audit or assessment reports
- Good knowledge of all domains within security e.g. cloud, security management, BCM, physical, GDPR/data protection
- Good communication, influencing and negotiation skills
- Experience in a similar role for a complex global organisation (insurance or financial services sector preferred but not essential)
- Ability to explain complex technical concepts to non-technical stakeholders and suppliers
- A recognised security certification such as CISSP, CISA, CISM, ISO/IEC 27001 Lead Auditor, CCSK or CCSP is desirable but not essential
What will you get for this role?
- Competitive salary depending on skills, experience and qualifications
- Generous defined contribution pension scheme
- Annual performance related bonus and pay review
- Holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days
- Up to 40% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family (some exclusions apply)
- Excellent range of flexible benefits to include a matching share save scheme
Working at Aviva
At Aviva, we’re people with a purpose. To be with you today, for a better tomorrow.
We bring this to life by ensuring managing risk is at the heart of the way we all work. We love people who do the right thing for our customers, and our colleagues. We want people who speak up, who take ownership, and who make good decisions.
The way we do this is important too. We’re all about our people – that’s you – so we can be pretty flexible. If you want to work from home some of the time or change your hours so you can pick up your kids or care for someone in your family, we’re very open to that. In fact, we don’t advertise roles as either part or full time, because we know each person has different needs, just as each business area has different needs. So, it’s up to you to discuss working hours during your interview.
We care deeply about being inclusive and that means we encourage applications from people with diverse backgrounds and experiences. We want our employees to bring their whole self to work and that starts with you.
We interview every disabled applicant* that meets the minimum criteria for the job. Once you’ve applied, please send us a separate email stating that you have a disclosed disability and we’ll make sure we interview you.
We’d love it if you could submit your application online. If you require an alternative method of applying, please give Lacey Lane a call on 0207 255 0884 or send an email to [email protected]
*As defined in The Equality Act 2010*. By ‘minimum criteria’ we mean you should provide us with evidence which demonstrates that you generally meet the level of competence required and have the qualifications, skills or experience defined as essential to perform the role.
To apply for this job please visit www.cybersecurityjobsite.com.