Information Security Risk & Consulting Lead

Location: Hybrid

Hours: 35

Salary: £50,000 - £58,000 DOE

Contract Type: Full-Time, Permanent

Closing Date: 01 June 2025

Contract Duration: Permanent

BELONG. There’s no place like Principality.

Our home is your home. So, when you decide to join the team, we’ll go further to bring you the warmest of welcomes. From a friendly and inviting environment to a flexible benefit package designed around you – when it comes to belonging, there really is no place like Principality. We keep it flexible wherever possible; we encourage you to look after yourself; we do our bit in the communities we serve and support you in doing the same, and we promise to get better together.

Some reasons you may want to consider working with us: we have an award-winning flexible/hybrid working policy; we’re a 2022 winner of UK Best Large Workplaces for Women; we have a refurbished hi-tech office in the centre of Cardiff designed around colleague feedback; we ranked number 6 for wellbeing in 2022; we have an extensive financial and well-being benefits package, “Belong”, designed to put our people first; and we have consistent colleague engagement scores of over 85% and a caring community of supportive Networks. But that’s not all. Discover why there’s really no place like Principality: https://www.principality.co.uk/careers

Our Information Security team are hiring an Information Security Risk & Consulting Lead. Reporting directly to the Information Security Manager, the role will be to provide specialist information security risk management advisory and oversight.

The Information Security Risk & Consulting Lead will engage with internal and external stakeholders to ensure information, application and cyber security threats and risks are identified and treated through the implementation of appropriate controls that align to business and regulatory requirements and support operational and change initiatives.

Responsibilities:

  • Providing first line oversight and challenge of application and secure development change requests.
  • Reviewing and updating information security policies, standards, procedures, governance requirements and risk assessments.
  • Providing Subject Matter Expert (SME) support in relation to the development of Cloud and Application Security.
  • Reviewing high-level and key design decisions, and architectural and infrastructure security solutions, in relation to, but not limited to, AI, mobile and system applications.
  • Collaborating with multiple teams to advocate secure systems development lifecycle (SSDLC) practices and secure by design principles, with alignment to DevSecOps security patterns and use cases.
  • Driving improvements in security within the change process.
  • Providing scoping and scheduling of penetration testing via internal SMEs and external trusted providers.
  • Preparing security risk/impact assessments, reports, measurement indicators (MI), presentations and high-level summaries for key stakeholders.
  • Performing frequent research and attending industry events to maintain a good understanding of current security guidelines, frameworks and trends.

Essential Criteria:

  • The ability to communicate effectively across all areas of the business and levels of management.
  • The ability to write reports and implement policy, procedure and guidelines, in alignment with regulatory and good practice requirements.
  • The ability to conduct and write reports in relation to cyber risk assessments that follow frameworks such as CSF.
  • The ability to interpret and advise on current standards and guidance such as, but not limited to, NCSC, OWASP and NIST.
  • Good analytical skills and ability to demonstrate discretion and confidentiality in highly sensitive situations.
  • The ability to work independently and as part of the Information Security team.

If you have any questions in relation to this role, please contact the recruitment team at recruitment@principality.co.uk

“We are passionate about creating an inclusive workplace where diversity is celebrated and where colleagues feel a sense of belonging” Daniel Priest, Inclusion Manager. But don’t just take our word for it, see what our colleagues say about working here too: Careers (principality.co.uk)
