Technical Security Consultant - Halifax, Canada - Admiral Insurance

Description

Note:
This is a work from home position in Nova Scotia. Intended for Nova Scotia residents working remotely with access to our Halifax office.

• Technology is at the heart of driving Admiral's business._

About Admiral Tech
With a history of innovation, UK financial services leader Admiral Group are expanding their world-class Tech department to Canada.

From Cloud through to DevOps, our Technology department consists of over 600 people and is an exciting and fast-paced environment to work in.

If you're looking for a technically challenging and rewarding role, with outstanding support and opportunities for progression, you've come to the right place.

About Admiral Canada

• We're more than you think._

One of the UK's most recognizable insurance and financial service providers, Admiral offers insurance, loans, and various other products to over 9.1 million international customers.

In 2007, Admiral launched its Canadian office in Halifax with a small group of 20 staff. Today, we employ 500 people throughout Nova Scotia who support our UK customers with home and motor insurance policies.

We've been recognized as one of Canada's Great Places to Work every year since 2010 and named one of Nova Scotia's and Atlantic Canada's Top Employers annually since 2015.

In 2023, the Great Place to Work Institute ranked Admiral as the 2nd Best Workplace in Canada.

The next chapter in the Admiral Canada's success story is bringing Admiral Tech to Canada. This role is an exceptional opportunity to be the architect of Admiral Tech in Canada and influence its foundation.


About the Job

We are looking for a consultant to work as part of our Security Consultancy team to support the delivery of business change as we move capabilities to the cloud in a scaled agile environment with a strong and evolving DevSecOps approach.

Work to support fast-paced change in an exciting and growing business as Admiral continues to develop its offerings placing the customer at the centre of everything we do.

Responsibilities & Duties:

• Understand the Strategic Business Objectives, actively contribute to achieving them.
• Provide technical security consultancy to the change delivery functions agile & waterfall.
• Assess and improve security posture in CI/CD pipelines.
• Support the Security Champions Programme and DevSecOps.
• Liaise with technical stakeholders within Agile Tribes, Projects, and Programmes.
• Assess changes for technical vulnerabilities, threat models, assess security risk exposure, and identify appropriate controls to bring the risk within tolerance.
• Engage effectively with specialists in Security Architecture, Security Operations, Security Culture, Security Delivery, and Security Risk and Governance teams to ensure completeness and consistency of the advice provided to delivery functions.
• Ensure advice provided is of a high standard and based on best practice, supported by Security Leadership and within the cost and risk tolerance of the organisation.
• Work closely with specialists in Security Operations to build operational use cases for detect and respond capabilities, ensuring logging and monitoring, incident response, and threat intelligence are considered, tested, implemented, and validated in security requirements.
• Following the analysis and resolution of security incidents, work closely with all areas of Infosec to continuously improve recommendations to minimize the likelihood and/or impact of future incidents.
• Act as a champion for information security initiatives and maintain high standards of integrity and professionalism.
• Delivering risk assessment reports, threat modelling, and risk treatment recommendations in a timely and repeatable manner.
• Contribute to, and maintain, an effective risk management mechanism to ensure that system owners have an accurate and current view of information risk exposure.
• Meeting the InfoSec strategic objectives.
• Continuously develop technical security skills and capabilities in line with the organisation's strategic objectives.

Experience and Qualifications Required

Essential skills

• Technical background, with knowledge of one or more of the following, Development, IT support, Data Science, networking or system administration.
• Understanding of Cloud migration and Application Security development lifecycle and DevSepOps principles, automation, and familiarity with security architecture modelling.
• Knowledge and experience of securing Azure and/or Google Cloud Platforms.
• Knowledge and experience of using at least one risk methodology.
• Security Software as a Service implementations.
• Strong stakeholder management and communication skills and a proven track record of working with businesses to meet strategic objectives.

Desirable

• Experience of threat modelling, risk/posture assessments, and control implementation.
• Educated to degree level related to information security risk management.
• Experi