Career Opportunities at OUTsurance -(2 Positions)

Job Description
Responsibilities

As the Cyber Defence Team Manager, you will be responsible for but not limited to the below:

• Responsible for overseeing all security incident investigations to ensure that incidents are thoroughly & timeously investigated.
• Facilitate and/or oversee the implementation of countermeasures to mitigate any identified deficiencies.
• Deployment or assist with deployment of technical solutions for detecting & preventing potential threats.
• Ensure all relevant hosts & sources are monitored across the environment, including cloud and on premise.
• Ensure that all new critical security log sources are ingested into the relevant SIEM.
• Ensure adequate activity log retention on all critical systems, apps & infrastructure appliances for investigation purposes in the event of a breach.
• Identify important elements of threats (behaviours, tools, targeting, etc.) and use this knowledge to build detections.
• Fine tune existing IoCs to reduce false positives.
• Mature the company’s Cyber Incident response plan & processes.
• Take ownership of incident response playbooks.
• Initiate the incorporation of the Mitre ATT&CK framework into relevant processes and procedures.
• Facilitate/coordinate regular cyber breach simulations with internal teams & EXCO.
• Monitor and report on effectiveness of key security countermeasures.
• Run regular phishing simulations using the company’s security awareness solution.
• Develop a Cyber Security awareness program and implement a Cyber Security Awareness solution to support the program

Competencies

The successful individual would need to demonstrate the below listed competencies at an advanced level:

• 'Can do' attitude, comfortable dealing with ambiguity, resilient, strong team player, committed to continuous improvement
• Very strong interpersonal skills and the ability to build relationships
• Problem-solving with strong decision-making mind-set
• Takes initiative and works under own direction
• Engages professionally
• Adapts and responds positively to change
• The ability to multitask and handle stress to meet project deadlines
• Enthusiasm, energy, determination and a passion for improving client experience through digital platforms
• Works meticulously always demonstrating a very high level of attention to detail
• The ability to multitask and handle stress
• Strong problem solving skills and willingness to roll up one’s sleeves to get the job
• Excellent written and verbal communication skills
• Ability to communicate effectively with management

Qualifications
Qualifications and experience

• 7 years’ experience in an information security role.
• 3 years’ experience as a Team manager or similar position in Cyber security.
• Experience with malware analysis, vulnerability exploitation, network exploitation, network attacks, network traffic analysis and social engineering.
• Experience in using a variety of tools, e.g. EDR, PassiveTotal, Wireshark, Joe Sandbox.
• Familiarity and understanding of basic SQL and KQL queries.
• Proven knowledge of security fundamentals across Microsoft platforms (client, server and cloud).
• Strong knowledge of networking principles and standard protocols.
• Strong knowledge of Windows and Linux.
• At least one of the following technical security accreditations: CISSP, CEH, OSCP, GIAC.

go to method of application »

Job Description
Responsibilities

As the Head of Information Security, you will be responsible for but not limited to the below:

• Leadership, management and mentoring of the Information security area and its respective teams.
• The maintenance and maturing of the security operating model and its underpinning processes and practices.
• Responsible for defining, prioritising and driving the overarching yearly Cyber Security plan as well as the supporting plans, e.g. security pen test and security awareness programs.
• Driving the operational effectiveness and application of the Group Cyber Security framework for OUTsurance.
• The development and maintenance of security standards, guidance and playbooks.
• Accountable for the effective and reliable identification, detection and resolution of Cyber security incidents.
• Accountable for preparation of the quarterly Cyber Security Forum presentations as well as chairing the Forum.
• Working together with the relevant teams to complete questionnaires, assessments and impact studies related to requests from e.g. the Regulator & Group Cyber benchmarking assessments.
• Responsible for managing and monitoring third parties supplying Cyber security solutions and services.
• The measurement and reporting on the efficiency and effectiveness of cyber security controls.
• The identification and monitoring of environmental, threat, and technology trends to optimise the effective short- and medium-term deployment of cyber security controls, contributing to the strategic security roadmap.

Competencies

The successful individual would need to demonstrate the below listed competencies at an advanced level:

• 'Can do' attitude, comfortable dealing with ambiguity, resilient, strong team player, committed to continuous improvement
• Very strong interpersonal skills and the ability to build relationships
• Problem-solving with strong decision-making mind-set
• Takes initiative and works under own direction
• Engages professionally
• Adapts and responds positively to change
• The ability to multitask and handle stress to meet project deadlines
• Enthusiasm, energy, determination and a passion for improving client experience through digital platforms
• Works meticulously always demonstrating a very high level of attention to detail
• The ability to multitask and handle stress
• Strong problem solving skills and willingness to roll up one’s sleeves to get the job
• Excellent written and verbal communication skills
• Ability to communicate effectively with executive management

Qualifications

• 9 years’ experience in  Cyber Security of which at least 5 years should’ve been in leading technical and operational security functions and teams.
• Strong security and technical background.
• Practical experience to implement industry best practices and frameworks.
• Strong people skills and experience of building, managing and upskilling teams of specialists to meet the objectives of the Cyber security plan.
• Work closely with the IT Risk Team to ensure Cyber risks are captured & maintained in line with the Group Risk Management framework. 
• Relevant security accreditation and certifications, e.g. CISSP, CISM, CISA, CCSP. 
• Your technical background should cover a wide spectrum of security engineering and operational security skill sets. This must include but is not limited to experience (preferably hands on and technical experience) in the following areas:
• Cyber Engineering: including gateway firewalls, Web Application Firewalls (WAFs), MFA, Internet proxies and security architecture & design.
• Offensive Security: Infrastructure, internal, external, web, mobile, API and cloud pen testing.
• Application Security: Secure coding solutions, training and awareness on secure coding best practices.
• Defensive Security: Cyber incident response & management, including incident breach simulations.
• Cyber Operations: Endpoint security (e.g. security client maintenance & endpoint hardening), Vulnerability management, EDR management, log retention strategy & implementation.  
• Cyber Governance: Data loss prevention, maintain & expand Cyber security metrics, 3rd party security assessments, drafting new & expanding existing cyber policies & procedures.