Information Security Consultant
Information Security Consultant
As an Information Security Consultant within the Global Assessment Team, reporting to the Information Security Governance, you will work with local, regional and Group IT functions, IT Service Providers and Zurich business functions to manage Compliance, Information Security and IT Risk to support the Business objectives of the Group.
Your main focus will be providing subject matter expert consultancy to projects and business initiatives; supporting them in the successful delivery of solutions aligned with company standards and recognised best practice. You will work with our key vendors to assess their IT controls, commitment to their compliance and security obligations, and manage next steps. You will work with our security, compliance, legal, risk and procurement professionals to enforce compliance and escalate issues.
You will have the opportunity to drive process improvement and support the ongoing development of less experienced staff through coaching and knowledge sharing.
Assist with complex projects to identify business and technical security requirements, design security controls and test their effectiveness
Provide consultancy to major projects and services on effective mitigation of risks, and control implementation
Review and support requests for vendor security due diligence assessments
Maintain, manage and monitor compliance to the internal control frameworks such as the IT Risk Standards / CITCC, ICF / RMC and regulatory / legal and other obligations / requirements
Apply and support IT security, risk and compliance technologies. Provide support of policy / standards exceptions, report status to management and advice on corrective actions
Assess operational risks and perform tactical risk assessments within the organization
Assist coordination and implementation of appropriate IT governance, metrics collection, and reporting capabilities for vendors and across Group IT
Provide consultancy for analysis and identification of broader systemic issues within the organization based on results of security metrics information
Provide guidance on implementing IT compliance control objectives and provide/ support gap analysis
Track timely closure of identified control gaps and actively support action owners during issue remediation
Provide input to improve efficiency and effectiveness of IT Security Governance Services and Group Information Security (GIS) processes
Partner with regional stakeholders, e.g Group IT functions, Group Risk Management, Group Compliance, Group Audit and business leaders
Requires occasional travel to; Corporate Center (Zurich), the business division headquarters (Schaumburg, Los Angeles, Swindon, etc depending on role location); travel will typically not exceed 5%.
Bachelor’s Degree or equivalent in Business, Computer Science or a related field
Minimum 5 years professional experience including 2+ years IT security / cyber
- Experience with Security Assessments
Strong knowledge of information security concepts and current information sourcing and security trends and practices
Knowledge of control frameworks such as NIST, SANS CIS and ISO 2700x
Ability to understand and interpret architectural diagrams
Experience of implementing and auditing ISMS
Experience of assessing Cloud infrastructure
Certification such as CISSP, CISM, CISA, ITIL, etc. are preferred
Experience with working across business unit and geographical boundaries to engage team members required
- Strong communication skills
Strategic orientation with the ability to act tactically as required
- Ability to build strong working relationships
- Ability to work independently
Knowledge of GRC automation tools such as RSA/Archer Suite or similar products and tools.
We offer an excellent lifestyle benefits package which includes –
- Industry leading Defined Contribution Pension scheme where employer contributions are 12 % of base salary
- 25 days holiday per year, plus an additional 3 volunteering days
- Full private medical cover
- Annual company bonus
- Company car/car allowance
- Discounted gym membership
- Discounted gadget insurance
- Discounted technology offers
- Virtual GP appointments
- Free flu jab
- Discounted will writing service
- Home workers allowance
- Plus many more!
With about 55,000 employees serving customers in more than 170 countries we aspire to become the best global insurer as measured by our shareholders, customers and employees. If you're interested in working in a dynamic and challenging environment for a company that recognises and rewards your creativity, initiatives and contributions - then Zurich could be just the place for you. The success of our business is built on the contributions of our highly talented employees - people who work every day to position us at the forefront of the insurance industry. We therefore look to hire great people and we encourage those people to give their best.
You’ll feel the support of being part of a strong and stable company. A long-standing player in the insurance industry, we make every effort to address the career development needs and plans of our employees to ensure their success in the future.
At Zurich, we aim to have a diverse mix of employees that reflects our customers and the communities in which we live and work. Zurich is a workplace that values different opinions, respects personal needs, and provides equal opportunities for all, regardless of age, gender, race, religion, disability, marital status, gender identity, pregnancy/maternity status and sexual orientation. Our approach ensures that Zurich is a place that values different opinions, respects personal needs, and provides equal opportunities for all. We are committed to continuous improvement and we offer access to a comprehensive range of training and development opportunities. Zurich is passionate about supporting employees to help others by getting involved in volunteering, charitable and community activity through the Zurich Community Trust.
So make a difference. Be challenged. Be inspired. Be supported, Love what you do. Work for us.