Security Control Assessment Specialist

  • IAG
  • National, Nati
  • 15/08/2019

Job Description

#Closer #Braver #Faster

The Role

IAG’s strategy is to build our digital DNA and create the best digital insurance and ancillary company globally by moving towards more open systems and connecting with partners. In doing this, IAG needs to ensure that our uplift in Digital capability is matched with a major uplift in our information security capability. The purpose of this role is to help protect IAG’s digital and information assets by ensuring continued operation of assessment solutions as well as validation of required cyber controls through security certification / assessment. A major sophisticated cyber-attack against IAG could have a catastrophic impact on the business, and this team is one of the main lines of defence against such an attack. This role will see you utilise your passion for cyber security.

Key Responsibilities

  • Remediation Management: active tracking and monitoring of vulnerabilities detected via automated security scanning tools and manual security testing processes and working with Vulnerability Owners to define treatment plans and implement remediation solutions in accordance with Cyber Security standards.
  • ‘Secure@Build’ is a certification process that involves assessing the security of solutions at the build stage, to verify alignment of the as-built controls with those specified in the upstream architecture and detailed designs.
  • Third Party Security Assessment: ensure that third parties comply with legislative, regulatory and internal security requirements by conducting assessments of systems and/or processes.
  • Rogue IT Detection: identify and manage instances of Shadow IT and work with the Cyber Strategy & Governance team to identify high risk implementations and ensure that treatment plans are created.
  • Reporting & analytics: update and maintain Assessment dashboards and assist the Cyber Security Assessment team to develop and implement regular reports that showcase how Assessment positively affects the overall risk profile.
  • Process Improvement: identify practical improvements to processes and automation opportunities that would improve agility and allow greater utilisation of self-service capabilities.

Skills & Experience

  • A tertiary degree in Engineering, Computer Science or related discipline is essential.
  • 3+ years’ experience working in corporate environments.
  • Thorough understanding of Cloud and other Security Standards / Frameworks, e.g. CSA CCM, NIST CSF, ISO 27001, PCI-DSS.
  • Proven experience working with Vulnerability Management technologies such as Tenable and Qualys, and with designing and operating processes around vulnerability remediation and management.
  • Proven experience designing manual and automated test procedures to validate whether a range of security controls are operating effectively, including identity & access management, logging, incident response integration, system hardening and disaster recovery.
  • Proven experience working with ticketing and orchestration solutions such as ServiceNow and JIRA.
  • Experience designing and testing security control operating effectiveness in AWS or Azure highly regarded.

About Us

At IAG, we believe that everyone has a unique point of view to share, shaped by their life experiences, cultures & passions. We celebrate and commit to:

#Proud to be me – we value difference, not sameness

#Together – harnessing our collective wisdom enables us to be our best for our customers & each other

#No boxes – it’s not about labels, boxes or categories. It’s about building a diverse and inclusive mindset into everything we do

IAG is the largest general insurance group in Australia and New Zealand. IAG owns some of the region’s most trusted brands, including NRMA Insurance, CGU, SGIO, SGIC and WFI.

Let’s Talk

Start your career journey with us and click ‘Apply’!

In addition to a diverse and inclusive culture, some of our benefits include 13% superannuation, 50% insurance discounts, flexible work and leave options, generous parental leave and return to work program, recognition and reward program, and various corporate partner discounts.

We encourage Aboriginal and Torres Strait Islanders to apply for this position.