Technology Risk Consultant

The role

What we are looking for:

At Direct Line Group, we continue to unleash the power of technology to disrupt the insurance market and our Information Security, Risk and Assurance team is at the heart of this! Working to provide the kind of experience and services that wow our customers, we are delivering a set of ambitious plans to transform our technology for the future, evolving the systems, platforms and infrastructure that our people use day-to-day.

Do you have a background in technology risk/information security/IT Audit? We are hiring for a Technology Risk Consultant to be our IT Risk SME for the CISO and Technology Services functions, conducting IT risk assessments across multiple technology areas and recommending and facilitating appropriate responses.

If you possess strong analytical skills with experience in undertaking risk assessments, identification, modelling and reporting in a technology environment, then we would love to hear from you!

Who youll be working with:

Working alongside the Technology Risk Analysts, Technology Risk Consultants and Technology Risk Managers, you will sit within the Technology Resilience and Risk Squad within the Security and Resilience Chapter.

We are moving into Agile ways of working. This comes with immense potential to learn, develop your skills as you initially see us through a very exciting time of change. You will be valued and looked to for inspiration, with clear goals and autonomy as well as leadership focus being part of your daily role.

What you'll be doing:

Identify and draw out emerging and operational technology risks through discussions, workshops, relevant meetings, thematic reviews and engagement with projects and programmes

Undertake technology risk assessments and manage technology risks, master action plans and events in the group Risk Management System

Modelling and continuous improvement of the risk profile, through the development of quantitative risk measurement methodologies

Engage with the Enterprise Risk team (2LoD), Internal Audit and senior stakeholders across the business to ensure Technology Services and Information Security functions operate within the defined risk appetite and issues are remediated within the specified timelines

Ensure agility and continuous integration/deployment by embedding risk management and regulatory compliance into operating environment and organisational culture

What you'll need:

Solid grasp of security technologies and processes, including network and application firewalls, host and network intrusion prevention, anti-virus, advanced endpoint protection, cryptography, public key infrastructure and identity management and federation

Experience in infrastructure, application and cyber security architecture, technical risk and vulnerability assessments and/or managing issues identified from penetration testing

Experience of working within a cloud environment and Agile/DevOps methodologies

What well give you:

Come join us and youll find yourself in the middle of one of the most on-the-go teams in the business, with autonomy and exposure to industry leaders on huge household brand names. Were always encouraging internal development and youll have access to loads of learning opportunities, events and conferences to build your industry knowledge.