Our opportunity
As an Information Security Consultant within Group Cyber and Security you will work with local, regional, and global IT, Service Providers and Zurich business functions to manage compliance, information security and IT risks to support the Business objectives of the Group.
As part of this role, you will provide subject matter expertise and consultancy to projects and initiatives of varying size and complexity, with a focus on embedding “security by design” whilst supporting innovation. You will also provide Information Security advisory and Information Risk based consultancy through multiple channels within Zurich.
Your role
As an Information Security Consultant your main responsibilities will involve:
1. Provide consultancy to major projects and services on effective mitigation of risks, and controls implementation.
2. Assist with complex projects to identify business and technical security requirements, design security controls and test their effectiveness.
3. Apply and support IT security, risk, and compliance technologies.
4. Carry out control assurance for IT Service providers.
5. Provide regional support and co-ordination for audit and other assurance processes.
6. Contribute to IT Security/IT risk frameworks that serve as a basis for regulatory compliance, internal control processes and management of IT Security and IT risk.
7. Initiate and maintain IT Security and IT risk management procedures.
8. Ensure compliance with IT related policies and regulatory requirements; develop plans to remediate compliance gaps.
9. Facilitate and take part in regular global IT Security and IT risk/control assessment initiatives.
10. Support security event monitoring and incident response processes.
11. Work with the adoption of new Digital technologies and platforms across Zurich.
Your Skills and Experience
As an Information Security Consultant your skills and qualifications will ideally include:
1. Bachelor’s Degree or equivalent in Computer Science or related subject
2. Understanding of security requirements for cloud environments (predominantly PaaS & SaaS); experience with O365, Azure & AWS would be an advantage.
3. Familiar with the concepts of Security by Design, DevSecOps and Infrastructure as Code
4. Experience with technical components of a network infrastructure
5. Good understanding of Information/IT governance and risk management
6. Excellent communication skills, being able to take part in meetings and provide expert advice.
7. Proven experience with common information security controls / management frameworks, such as the NIST Cyber Security Framework and ISO27000
Preferred Qualifications
1. Professional Security Qualification - CISSP, CCSP (or other similar cloud security qualification)
2. Knowledge & Experience of working with new digital technologies & platforms.
3. Experience as an Information/IT Security/Risk Consultant for International Companies
4. Familiar with Agile project management methodologies