Our client, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don't just provide re/insurance, we reinvent it.
How? By combining a strong and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
There are three roles that includes working multiple with subject matter expert on a wide variety of topics to determine if temporary exceptions to the Information Security Policy are acceptable. Strong communication skills are a must as the candidate will be working with colleagues globally.
ExcelPowerPointWord
The specialist will work under the responsibility of the Head of IS Services and Risk Management and will report to the Project Tollgates Team Lead. The responsibilities of the role will include the following:
- Review submission of IS Criticality Assessment (ISCA) questionnaire (ISCA Dashboard)
- Determine high level security requirements and project criticality, based on standard project activities and data classification from DP pre-screening
- Work with assigned architect to ensure security requirements are finalized in design (High Level Design), review with Enterprise Architecture, Solutions Architecture, Cyber Security and Cyber Assurance
- Review of all security requirements and evidence provided by the project manager to support closure of each requirement:
o Review and feedback on ISCA questionnaire
o Review and feedback on High Level Design (HLD)
o Present at ISCA Project Technical Review
o Attend and obtain HLD sign-off at Technical Design Authority, Solutions Design Authority (SDA) and Data Intelligence and Analytics (DIA)
o Obtain Business Partner Risk Evaluation Platform (BPREP) scorecard for TP SaaS solutions from Security Contracts team
o Obtain Identity & Access Management (IAM) assessment signoff from IAM Team.
o Obtain Minimum Technical Security Baseline compliance reporting from QualysGuard
o Obtain Cloud Permit from Enterprise Architecture
o Obtain Code Review and Analysis - in house solutions only from SCD
o Self-serve vulnerability assessment compliance report of assets in scope
o Liaise with Cyber Assurance on penetration testing of solution and obtain sign off
o Obtain Digital Hub registration for external facing solutions from Cyber Assurance
o Produce Project Security Assessment closure report
- Perform a final review of all open security requirements and their status before any stage gate approval can be provided (effectively the Production Go/No-go decision). Ensure SDLC agile, waterfall and infra waterfall processes are followed
- Store all evidence in IS projects shared area
- Update the project register daily to ensure project status is maintained and update the Project Security Assessment (PSA) template as a record of activity. Submit PSA for sign off to complete risk assessment
- Manage project RAG status ensuring activities trending amber and red are highlighted to management and the project manager
- Liaise with project manager to support the development of the risk acceptance (PM is responsible) where needed
- Attend meetings with project manager, stakeholders, ISCA technical review, architectural design authorities and pen testing reviews. Challenge design decisions not compliant with security, escalate issues when they become known, offer options to resolve
All deliverables are subject to an internal quality assurance and peer reviews will be conducted by the Information Security team.
MUST
- Information Security and /or Information Technology industry certification (CISSP, CISM, CRISC, GIAC, CISSP or equivalent)
- Bachelor's degree in computer science, Engineering, or related field with a minimum of 10 years of professional experience
- Strong knowledge of performing project risk assessments
- Experience in performing Information Security technical risk assessments > 10 years
- Proficient in information security risk and governance frameworks (ISO 27005, EBIOS)
- Expert analytical and reporting skills
- Expert in Microsoft Office (Word, Excel, PowerPoint, Access)
- Ability to effectively communicate and positively influence diverse stakeholders and team members
- Excellent attention to detail and the ability to create clear, concise, and engaging presentations
- Experience in articulating IS risks in business language and advising on the appropriate risk management action > 5 years
- Experience in information security management reporting and related methodologies > 5-10 years
- Experience in multinational companies
Luxoft Poland
Wrocław
2000Luxoft, a DXC Technology Company, is a global digital strategy and software engineering firm with about 18,000 international employees within its 44 offices in 21 countries. It is headquartered in Zug, Switzerland.
In January 2019, Luxoft was acquired by U.S. company DXC Technology. Luxoft partnered with LG Electronics to create a next-generation Autonomous Mobility concept vehicle that integrates consumers' personalized digital lifestyles into a driving experience. Luxoft enabled Switzerland's first Blockchain based e-vote platform with the City of Zug and Hochschule Luzern's Blockchain Lab.
Luxoft, a DXC Technology Company is a world-renowned company. It has been present on the Polish market for over 11 years. We have offices in Krakow, Warsaw, Wroclaw, and Tri-City. We employ almost 2,500 experienced experts carrying out projects for over 40 clients from the financial, automotive, medical, tourist industries, etc. We work for many international clients, including the USA, Great Britain, and Switzerland.
So far, Luxoft Poland has made a name for itself as a company that offers work on innovative projects, we offer various experiences in the field of IT, opportunities for rapid development, an extensive training program, and attractive benefits for employees.
At present, 62% of Luxoft Poland employees come from Poland, and 38% from around 50 countries, including Ukraine, Brazil, India, Turkey, Spain, Portugal, Italy, Romania, USA, etc.
At Luxoft, a DXC Technology Company, as much as 85 percent of employees are experts with the "Senior" experience level, with at least five years of experience. We care about our employees, so every day we try to provide them with the best possible conditions for work and development.
Technology is our passion! We focus on top engineering talent means that you will be working with the best industry professionals from around the world. Because of that, Luxoft is a global family with an epic atmosphere – we love what we do!