Security Risk and Assurance Specialist

Bristol, Flexible, York, Norwich, London (UK)
Salary up to £50,000
18 Mar 2021
17 Apr 2021
IT, Internet
Contract Type: Full Time

Aviva UK are now looking for a Security Risk and Assurance Specialist to join our Global CISO team. This CISO Governance Risk and Compliance (GRC) team have a recent mandate to provide a centre of excellence for all Cyber Governance, Risk, Assurance and Standards & Controls disciplines across Aviva globally.

This specialist position is required to specifically provide technical support to the CISO Risk & Assurance Lead with day-to-day information risk consultancy, advice and guidance. They will also support the Cyber Portfolio in relation to prioritisation of risk mitigation activities, tracking of risk tolerance and reporting - while supporting the design, implementation and maintenance of control assurance frameworks.

Aviva introduced "smart-working" in 2020, and the person in this role can be based anywhere in the UK, as long as they are comfortable regularly travelling to our Bristol (preferred), Norwich, London or York offices.

The role's duties & responsibilities:

  • Providing robust security control assurance expertise into the Global CISO function, specifically with regards to management of cyber and technology related risks and controls, operation of the enterprise risk frameworks and risk management tooling
  • Generating security assurance reporting, based on empirical data and SME analysis to provide independent oversight of control operational efficiency and design adequacy
  • Supporting the adoption of an end-to-end risk lifecycle and providing the necessary support and mentorship to facilitate this within the organisation
  • Handling information-security issues and providing advice, support and direction
  • Supporting development & maintenance of our Security Risk framework and associated documentation in accordance with the operational risk and controls management (ORCM) framework
  • Driving consistency in approach to risk assessment, management and reporting on Cyber Risk across CISO and associated specialist functions
  • Actively engaging in the implementation of a control assurance model, seeking to provide qualitative and quantitative validation of control design and efficiency

Skills & experiences required:

  • Proven working knowledge of Cyber Risk Management, IT Risk Management or Information Security
  • Robust experience working with security controls frameworks (ISO/ISF/NIST) and their application within a financial services/insurance environment
  • Broad experience of security management concepts built up over time in dedicated technical, security, risk, assurance or control testing roles
  • Experience of working independently to solve problems, design solutions and motivate change
  • Track record of working with and presenting to senior partners
  • Industry relevant qualifications (CISM, CRISC, CISSP, ISO 27001 Lead Implementer) are desirable

What will you get for this role?

  • A salary up to £50,000 depending on location, skills, experience and qualifications
  • Generous defined contribution pension scheme
  • Annual performance related bonus and pay review
  • Holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days
  • Up to 40% discount for some Aviva products through "My Aviva Extras" plus discounts for Friends and Family (some exclusions apply)
  • Excellent range of flexible benefits to include a matching share save scheme

Working at Aviva

At Aviva, we're people with a purpose. To be with you today, for a better tomorrow.

We bring this to life by ensuring managing risk is at the heart of the way we all work. We love people who do the right thing for our customers, and our colleagues. We want people who speak up, who take ownership, and who make good decisions.

The way we do this is important too. We're all about our people - that's you - so we can be pretty flexible. If you want to work from home some of the time or change your hours so you can pick up your kids or care for someone in your family, we're very open to that. In fact, we don't advertise roles as either part or full time, because we know each person has different needs, just as each business area has different needs. So, it's up to you to discuss working hours during your interview.

We care deeply about being inclusive and that means we encourage applications from people with diverse backgrounds and experiences. We want our employees to bring their whole self to work and that starts with you.

We interview every disabled applicant* that meets the minimum criteria for the job. Once you've applied, please send us a separate email stating that you have a disclosed disability and we'll make sure we interview you.

We'd love it if you could submit your application online. If you require an alternative method of applying, please give Daniel Hopchet a call on 0121 234 7625 or send an email to .

*As defined in The Equality Act 2010. By 'minimum criteria' we mean you should provide us with evidence which demonstrates that you generally meet the level of competence required and have the qualifications, skills or experience defined as essential to perform the role.