What we're looking for:
At Direct Line Group, we continue to unleash the power of technology to disrupt the insurance market and our Information Security, Risk and Assurance team is at the heart of this! Working to provide the kind of experience and services that wow our customers, we are delivering a set of ambitious plans to transform our technology for the future, evolving the systems, platforms and infrastructure that our people use day-to-day.
Are you a Cyber Security Compliance professional with a background in Information Security? We’re hiring for a Cyber Security Compliance Manager to join us here at DLG on a 12 month Fixed-Term Contract.
Whether you have insurance background or not, we are more interested in your experience of managing and delivering within PCI compliant environments. What’s important is that you are a critical thinker with a curious mind who enjoys challenging the status-quo. If you meet this profile then we would love to hear from you!
Who you'll be working with:
A member of the Cyber Oversight Squad which sits within the Security & Resilience CoE, you will report directly to the Product Owner. You’ll be responsible for ensuring on going Cyber Security compliance and facilitation of the annual Payment Card Industry (PCI) Data Security Standard (DSS) assessment. The role will entail interaction with key third-party suppliers and business functions to ensure capabilities are aligned with existing requirements and being aware of forthcoming changes.
We are moving into Agile ways of working. This comes with immense potential to learn, develop your skills as you initially see us through a very exciting time of change. You will be valued and looked to for inspiration, with clear goals and autonomy as well as leadership focus being part of your daily role.
What you'll be doing:
Collaborating across the enterprise and key third parties to ensure that they fulfil obligations and maintain required standards to enabling DLG’s on-going Cyber Security compliance. This will include managing the relationship and interaction with third party Qualified Security Assessors (QSA), Payment Application Qualified Security Assessors (PA-QSA) and ASV security experts.
Providing technical leadership on security technology and compliance standards and defining the principles and standards that guide decisions for the enterprise.
Supporting third parties, internal DLG governance and business functions as the key PCI DSS advisor including supporting third party due diligence processes to embed PCI DSS control requirements in new contracts and service agreements.
Providing status reports for consistent findings and proposed solutions.
Defining Key Performance Indicators (KPIs)/Key Risk Indicators (KRIs) and reporting to the Product Owner
What we’ll give you:
Come join us and you’ll find yourself in the middle of one of the most on-the-go teams in the business, with autonomy and exposure to industry leaders on huge household brand names. We are always encouraging internal development and you’ll have access to loads of learning opportunities, events and conferences to build your industry knowledge.