Henry Nicholas are proud to be working with the UK’s most trusted, market leading Insurance organisation, in supporting the expansion of their internal Security function.

We are looking for 2 information security professionals to join the newly developed Security Controls team. The role involves working with internal stakeholders, external consultants and external suppliers to ensure that all suppliers are assessed or on-boarded with appropriate due diligence or security maturity identification.


This is a global suite of services provided as a front office function regarding everything supplier related  and would suit candidates with a strong Information Security GRC background/ Risk Assurance background.


The experience we need:

Essential:

• A recognised security certification such as CISSP, CISA or CISM is desirable.
• In depth experience in an information security related role    Experience of conducting TPSA’s (Third-party security assessments)
• Good knowledge of all domains within security e.g. BCM, Physical, GDPR/Data Protection, Cloud, Security Management.
• Ability to explain technical complex concepts to non-technical stakeholders and suppliers.
• Experience of conducting high level assessments and deep dive multi-day assessments or audits.
• Ability to produce high quality audit or assessment reports.
• Experience in similar role for a complex global organisation (insurance or financial services sector preferred).

Nice to have

Previous experience with Archer is advantageous but not essential.

The role

The role will form part of the existing company PMO function within the newly created Security Controls team. The role will focus on providing a clear line of sight between effective due diligence of a supplier and financial loss or reputational damage as a result of a data breach. National and international travel will be required to conduct assessments from time to time.



Key responsibilities:

• Working as part of a global team to provide supplier data security advice and mentorship.
• Providing subject matter expertise on all new supplier on-boarding activities including due diligence testing and security schedule contract negotiation.
• Performing on-site Third-Party Security Assessment (TPSA) assessments of all critical suppliers within the UK & Ireland, Europe and worldwide that transmit, process or store related data.
• Working with existing and new suppliers to confirm exit strategy, data retention and data return measures.
• Assisting with back-office functions and activities including TPSA scheduling, PMO, reporting and remediation tracking.
• Assisting the team in a continuous improvement regime.
• Working collaboratively with teams from other disciplines within the business and with the supplier.
• Leading concurrent complex activities to short timescales.
• Timeliness of responding to supplier queries.
• Delivering on new supplier on-boarding completion.
• Delivery of on-site TPSA reports.
• Delivering key MI to support the reporting function across markets.

What you’ll get in return



What will you get for this role?

• Competitive salary depending on skills, experience and qualifications.
• Generous defined contribution pension scheme.
• Annual performance related bonus and pay review.
• Holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days.
• Up to 40% discount for some company products through plus discounts for Friends and Family.
• Excellent range of flexible benefits to include a matching share save scheme.

If the opportunity appeals to you and you would like to learn more or be considered for the position, hit apply!