Job Description
Role Title: Privileged Access
What is this job really like?
The Security Engineer reports to the Head of Cyber Engineering and Operations within the Intact Insurance UK CISO team. The role will play a key part in ensuring Security configurations and controls are secure and in line with risk appetite.
This role forms a critical part of our Cyber Defence and will work closely with key functions across CISO and CIO, including our Core Technology and Operations, Cloud Centre of Excellence (CCo E) teams, Dev Ops and our Attack Surface Management, SOC/Incident response, Threat Intelligence and Security Engineering teams. The role will be accountable for ensuring that security controls and platforms are secured and protected in line with policy and standards. Ensuring measures are in place are that are ensuring compliance and delivery of security over these platforms.
As part of the Cyber Engineering and Operations team within Intact Insurance UK, you will be experienced in managing services and enabling delivery with experience across a broad range of domains:
Excellent knowledge of securing It Security Engineering and operations in a variety of environments including physical and cloud;
Experience in working across a range of internal and external third-party delivery teams;
Solid understanding of SDLC, including Agile methodologies.
Act as conduit between CIO and CISO, with responsibility to ensure designs are compliant with security standards, policies and strategy.
Jobholders are typically responsible for?
Ensure privilege is secure and controlled.
Ensure full coverage of privileged controls across both physical and cloud environments
Working directly with internal and third-party providers to ensure new solutions meet security standards and are covered by required controls
Ensure metrics for PAM are defined, maintained, and measured for accountable services and platforms.
Providing guidance on Privileged Access Management.
This job will typically be measured with the following KPI’s
PAM Service coverage, reliability and effectiveness.
Reduction in attempts to ‘bypass’ PAM controls and services
Major programmes and projects compliant with PAM control requirements as part of their deliverables.
Reduction in the volume of incidents relating to the inappropriate use of privilege on platforms and services.
Jobholder Requirements:
Excellent knowledge of IT Infrastructure
Excellent knowledge of securing privilege across hybrid environments
Excellent knowledge of Security principles
Good knowledge of security CIS principles and standards
Experience in managing third parties including MSSPs
Relevant security qualifications or experience (e.g. CISSP, CSSP, etc)
Excellent documentation and presentation skills
Regulatory Requirements:
Industry codes of practice
Relevant legislative and regulatory requirements including DPA/GDPR, PCI-DSS, NI52-109 and FCA guidance.
A good contributor in this role will typically be able to demonstrate
Core Skills and Knowledge
Influencing others – Advanced
Building Effective Relationships – Advanced
Making Change Happen – Intermediate
Planning – Advanced
Understanding IT / IS – Advanced
Using Judgement – Advanced
Leading People – Intermediate
Communicating Effectively (written / verbal) – Advanced
Presentation skills – Intermediate
Able to report on risks and issues to less technical stakeholders.
Positive can-do attitude and strong attention to detail.
Motivated by engaging with modern cyber attacks.
Functional Skills and Knowledge
Infrastructure security – Advanced
IT Risk / IT Audit / IT Controls – Intermediate
Financial Services experience
Knowledge of emerging technologies
Track Record
Preferably 3 years of experience within Financial Services actively working with cyber security tooling
Experience in delivering threat intelligence services within large organisations
What is this job really like?
The Security Engineer reports to the Head of Cyber Engineering and Operations within the Intact Insurance UK CISO team. The role will play a key part in ensuring Security configurations and controls are secure and in line with risk appetite.
This role forms a critical part of our Cyber Defence and will work closely with key functions across CISO and CIO, including our Core Technology and Operations, Cloud Centre of Excellence (CCo E) teams, Dev Ops and our Attack Surface Management, SOC/Incident response, Threat Intelligence and Security Engineering teams. The role will be accountable for ensuring that security controls and platforms are secured and protected in line with policy and standards. Ensuring measures are in place are that are ensuring compliance and delivery of security over these platforms.
As part of the Cyber Engineering and Operations team within Intact Insurance UK, you will be experienced in managing services and enabling delivery with experience across a broad range of domains:
Excellent knowledge of securing It Security Engineering and operations in a variety of environments including physical and cloud;
Experience in working across a range of internal and external third-party delivery teams;
Solid understanding of SDLC, including Agile methodologies.
Act as conduit between CIO and CISO, with responsibility to ensure designs are compliant with security standards, policies and strategy.
Jobholders are typically responsible for?
Ensure privilege is secure and controlled.
Ensure full coverage of privileged controls across both physical and cloud environments
Working directly with internal and third-party providers to ensure new solutions meet security standards and are covered by required controls
Ensure metrics for PAM are defined, maintained, and measured for accountable services and platforms.
Providing guidance on Privileged Access Management.
This job will typically be measured with the following KPI’s
PAM Service coverage, reliability and effectiveness.
Reduction in attempts to ‘bypass’ PAM controls and services
Major programmes and projects compliant with PAM control requirements as part of their deliverables.
Reduction in the volume of incidents relating to the inappropriate use of privilege on platforms and services.
Jobholder Requirements:
Excellent knowledge of IT Infrastructure
Excellent knowledge of securing privilege across hybrid environments
Excellent knowledge of Security principles
Good knowledge of security CIS principles and standards
Experience in managing third parties including MSSPs
Relevant security qualifications or experience (e.g. CISSP, CSSP, etc)
Excellent documentation and presentation skills
Regulatory Requirements:
Industry codes of practice
Relevant legislative and regulatory requirements including DPA/GDPR, PCI-DSS, NI52-109 and FCA guidance.
A good contributor in this role will typically be able to demonstrate
Core Skills and Knowledge
Influencing others – Advanced
Building Effective Relationships – Advanced
Making Change Happen – Intermediate
Planning – Advanced
Understanding IT / IS – Advanced
Using Judgement – Advanced
Leading People – Intermediate
Communicating Effectively (written / verbal) – Advanced
Presentation skills – Intermediate
Able to report on risks and issues to less technical stakeholders.
Positive can-do attitude and strong attention to detail.
Motivated by engaging with modern cyber attacks.
Functional Skills and Knowledge
Infrastructure security – Advanced
IT Risk / IT Audit / IT Controls – Intermediate
Financial Services experience
Knowledge of emerging technologies
Track Record
Preferably 3 years of experience within Financial Services actively working with cyber security tooling
Experience in delivering threat intelligence services within large organisations
Apply for this Position
Ready to join ? Click the button below to submit your application.
Submit Application