Information Security & Cyber Risk Consultant

£45,000 - £60,000 + On Target Bonus 16% up to 32% + Pension & Flexible Benefits

Remote – Flexible Location / Working from Home

(Occasional travel to Edinburgh, Wythall and Telford sites)

Did you know the Phoenix Group is consistently listed as one of the UK’s top employers? Our people uphold our values of responsibility, courage, difference, growth and passion and are at the very heart of the success of our business.  Together, we’ll shape a better future.

We’re currently recruiting for an Information Security & Cyber Risk Consultant to join the Information Security & Cyber Risk team in Group Risk with a base location in our Telford Office, providing Line 2 oversight and challenge to the business and to support the Information Security & Cyber Risk Manager in delivering against the Group Risk Management Framework and Strategy.  

This is a great opportunity to join a busy team providing Line 2 Information Security and Cyber Risk oversight and assurance capability for Phoenix Group, supporting oversight and challenge of the IT/EUC Policy, Controls and Security Standards covering IT, Information Security and Cyber risk.

We welcome discussion on how we can work flexibly to enable you to thrive in your role. 

Key Responsibilities

• Support the Information Security & Cyber Risk Manager in the execution of their duties and appropriately represent them within the business in providing effective guidance, challenge, assurance and oversight
• Report and deliver Information Security & Cyber risk assurance/review activity consulting with management to formulate and agree effective solutions to any identified shortfalls
• Provide input to the continuous development and improvement of the risk review methodology and approach
• IT, Information Security and Cyber Risk oversight of the Phoenix Group through the attendance of meetings and engagement with subject matter experts
• Produce quality management information and reporting
• Provide risk-based, accurate, practical and sound guidance, opinion and support to operational and strategic change initiatives, BAU activity, projects and breach and incident remediation plans
• Effectively analyse breaches, incidents, internal and external audit, compliance monitoring and other review findings to determine Information Security and Cyber risk implications, consideration of regulatory notification to the FCA, ICO or other relevant regulators. Report notifiable events to the relevant Approved Person and liaise with the Phoenix Group SMEs in relation to remediation, root cause and prevention activities as appropriate
• Identify and analyse relevant IT/EUC, Information Security and Cyber related regulatory changes and themes which impact the Phoenix Group.  Ensure details of changes/themes are communicated appropriately and oversee the timely implementation of all necessary actions
• Review relevant customer processes and systems where there are changes and provide guidance, recommendations and challenge to business owners on areas for development/improvement
• Challenging the business to ensure that the established information security control framework is (and remains) aligned with industry best practice, using the ISO / IEC 27000 series standards (or equivalents) as a benchmark
• Challenging the business to ensure that the Information Security Control Framework meets the requirements of current and emerging legislation and regulation, including the guidelines and expectations of our regulators
• Continuously developing existing expert technical knowledge and applying this in conjunction with significant business awareness in order to give accurate and timely advice when these are constantly evolving
• Conduct Line 2 Information Security and Cyber Risk oversight and assurance activities which adds value to the business, ensuring delivery via a multi-site team in a consistent manner to a high level of quality
• As a member of the Information Security & Cyber Risk team in Group Risk, working proactively across the various teams in the function to ensure that we deliver fully against the Group Risk Framework
• Maintain knowledge of technology, systems, processes, data and interfaces deployed across the Phoenix Group
• Deputise for Information Security & Cyber Risk Manager as required

What We’re Looking For

• Relevant IT/EUC, Information Security and Cyber technical experience, including knowledge and awareness of the regulatory environment and relevant legislation
• Proven knowledge and experience of IT tools, capabilities and controls.
• Knowledge of Security Testing tools and techniques e.g. Penetration Testing, Infrastructure Scanning, Static Code Review and Web App Scanning tools.
• Proven knowledge and experience in Industry Standards and best practice including the ISO/IEC 27000 series, NIST Cybersecurity Framework, ITIL etc.
• IT Security and Risk experience in one or more of the following areas:
  • “First Line” role - either as IT, IT Security or Risk technician or Manager
  • “2nd Line” role - providing IT Security Management or IT Security or Risk support, or review and challenge to an IT functional area
  • “3rd Line” role – IT Security or IT auditing of an IT functional area

Essential

• One or more Information/Cyber Security Certification/Qualification e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), CompTIA Security+ etc.

Desirable

• One or more Risk Management Certification/Qualification e.g. Certified in Risk and Information Systems Control (CRISC), an Institute of Risk Management qualification etc.
• ISO 27001 Lead Auditor
• Certified Information Systems Auditor (CISA)
• ITIL Foundation
• Undergraduate Degree or equivalent

What We Offer

Bring your ‘whole self’, skills and dedication to the Phoenix Group and we’ll recognise your effort, support your development and help to drive your ambition. We’ll ensure you’re rewarded for your contribution with a competitive package that includes an attractive pension, annual bonus potential, private medical insurance, generous holiday entitlement, enhanced maternity and adoption leave and a range of other financial services and lifestyle flexible benefits. 

Join us and you join a unique organisation. It’s not just the 14 million policyholders we serve, or the £300 billion of assets we look after. Or that we’re a FTSE 100 company that has been listed as one of the UK's Top Employers for nine years running.  It’s our talented, inclusive and diverse workforce that makes us a success.  We offer flexible working opportunities ensuring we attract and retain the very best of talent. Find out about more about our people’s stories, our values and our commitment to diversity.

Online Interviews and Onboarding

All our interviews, onboarding and new joiners are now managed remotely. We have in place a strong virtual support network to ensure new colleagues are supported and developed as they navigate their first few months with us.

About Us

Phoenix Group is a member of the FTSE 100 index and is the UK’s largest long-term savings and retirement business. We specialise in the acquisition and management of Heritage life insurance and pension funds. We’ve businesses in the UK, Germany and Ireland and hold a broad range of both Heritage and Open products split across three key business segments: UK Heritage, UK Open and Europe.  Our open business manufactures and underwrites new products and policies to support people saving for their future in areas such as workplace pensions and SIPPs, primary under the Standard Life brand. And we market corporate pension trustee services and manufacture products to be sold under other brands. Did you know Phoenix Life manufactures SunLife’s market leading Guaranteed Over 50’s plan?

We value diversity in our workforce and welcome enquiries from everyone.

Closing Date; 20^th October 2021.