Penetration Test Manager
Aviva is an international insurer with over 33 million customers, and a leader in digital insurance.
To keep the firm and customers secure, Aviva operates a comprehensive security testing programme, covering key systems on a regular schedule and after major changes. Coordinating this internationally and at scale is a big undertaking and we are looking for a talented and enthusiastic technical security specialist to lead and develop our central services in this space. The work requires technical expertise, initiative, great people skills, and attention to detail.
In this role, you will lead on all aspects of the Aviva Penetration Testing Governance service operation and development. You will be working with colleagues across the global security community and our external partners to ensure Aviva delivers an appropriate level of technical testing in terms of coverage and quality in a cost-effective way. You will have an opportunity to actively influence the direction of the team, explore innovative ways to deliver technical assurance, and build your skills and professional network along the way.
Duties & Responsibilities
Leading on developing the central pentest service, finding opportunities to innovate and improve
Maintaining a central view of all pentests taking place in Aviva and their outcomes
Providing technical expertise and supporting international CISO colleagues with scoping tests and interpreting results
Managing the global preferred supplier list to ensure that our penetration testing partners provide good value for money, deliver work to an appropriate quality, and provide appropriate coverage of skills and regional presence
Collating existing leading practice documentation and developing central standards, methodologies, and guidance
Maintaining the infrastructure and automation tools for pentest-related data and reporting
Key performance indicators
Delivery of key operational responsibilities
Measurable improvement in effectiveness of Aviva penetration testing processes
Positive feedback from key internal partners
Skills & Experience required
Understanding of the penetration testing value proposition, test engagement lifecycle, types of penetration tests and their operational requirements
Experience with leading operational security delivery and projects
Experience managing relationships with IT and business partners and vendors
Broad technical understanding of security controls and the ability to evaluate residual exposure to complex attack scenarios in specific control environments
Ability to deliver to a schedule, prioritise conflicting tasks, and service occasional time-critical requests as required
Excellent written and verbal communication skills, including technical communication
Awareness of the latest cyber security trends and developments
Experience with delivering and managing penetration tests a plus
Recognised technical security certifications and academic degrees desirable, but not essential (Information Security MSc, CREST, SANS, Offensive Security certifications)
What will you get for this role?
Salary depending on skills, experience and qualifications
Generous defined contribution pension scheme
Annual performance-related bonus and pay review
Minimum holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days
Up to 30% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family
Excellent range of flexible benefits to include a matching share save scheme
Bring to Aviva what makes you different and we’ll support you to do the best work of your life. We encourage applications from everyone who wants to help us achieve our purpose of helping our customers to Defy Uncertainty.
One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.
As a disability confident employer, we guarantee to interview anyone with a disability (as defined in the Equality Act 2010) whose application meets the minimum criteria for the post. (By ‘minimum criteria’ we mean that you must provide us with evidence which demonstrates that you generally meet the level of competence required, as well as meeting any of the qualifications, skills or experience defined as essential.) Please apply through the website and then notify us that you meet the conditions for the guaranteed interview scheme.