Information Security Manager - Governance Risk and Compliance
We have an exciting opportunity to join Allianz as Information Security Manager - Governance Risk & Compliance based in the UK Head Office in Guildford. You will report to the UK Information Security Officer and will manage a team of information security analysts, delivering a range of security outcomes across Allianz UK business units and locations.
Key Responsibilities and Duties
- Build effective working relationships with business and technology teams (across UK and Group as well as offshore and outsourced partners) in order to deliver the following:
- Support the UK Information Security Officer in developing and delivering the Information Security strategy
- Risk Management - oversee information security risk management framework, working with the Enterprise Risk team to ensure risk management activities contribute to measurement of risk appetite.
- Assurance - Plan, deliver and report an annual internal key-controls validation and ongoing security assurance monitoring programme (including supply chain security assurance). Support internal and external audits on information security topics.
- Compliance - Manage the relationship with Allianz's external certification bodies and maintenance of the PCI DSS and Cyber Essentials certifications, as well as compliance with Corporate Partner contractual requirements. Ensure an ongoing evidence base to demonstrate compliance.
- Security Architecture - work with and advise the Architecture team to ensure appropriate methodologies, templates, patterns and frameworks are developed that adhere to security policies and threat profiles.
- Awareness - plan, deliver and measure company-wide information security awareness and training activities.
- Champion process simplification in Information Security ways of working, specifically with internal stakeholders, delivery partners and AZ Technology, whilst ensuring ongoing and improved information security performance
- Lead, motivate and inspire your team and create a culture of innovation, technical excellence, customer centricity and continuous improvement that reflects our Purpose, People Attributes and Values, to make the team a great place for people to work.
The role is based in Guildford, and will require occasional travel within the UK and internationally.
Skills and Experience:
To be a success in this role, you will be an experienced Information Security Manager with strong people management skills, as well as the following:
* Good understanding of Information Security and other IT governance frameworks, including ISO27001, PCI DSS, COBIT5
* Working collaboratively with outsourced IT providers to ensure and evidence ongoing information security performance and compliance
* Strong understanding of people, process and technological information security controls, and demonstrable experience in how to test the design and effectiveness of these controls.
* Ability to lead and motivate a multi-skilled team, planning, budgeting and delivering a range of security services simultaneously
* Good understanding of the role that enterprise security architecture plays in reducing information risk.
* Ability to understand business drivers and risk appetite and to align information security compliance accordingly
* Desirable - Experience of human factors relating to information security, and how to drive behavioural change through this.
* Desirable - Certification such as CISSP, CISM, CISA, CCP, CRISC, ISO27001 Lead Implementer/Auditor or willingness to work towards these