Information Security Manager (Fixed Term Contract)

About The Role

We’re excited to announce an opportunity for an Information Security Manager to join our dynamic Digital Services team at ARAG UK on a 12 month fixed-term contract basis.

As a member of the Digital Services team this role will be at the forefront of ARAG UK’s security strategy, ensuring the confidentiality, integrity and availability of ARAG’s information and information systems. The successful candidate will hold accountability for ensuring our ISO27001 accreditation is adhered to and successfully renewed, as well as assessing the information risk and facilitate remediation of identified vulnerabilities within the company’s network, systems and applications. In addition, you'll look lead on the strategy, road mapping and planning of security in the organisation as well as the management of the information security team

This is an excellent opportunity to report on findings and apply recommendations for corrective & preventative action, whilst identifying opportunities to reduce security risks. Key responsibilities will also include documenting remediation options regarding acceptance or mitigation of risk scenarios, as well as facilitating and monitoring performance of risk remediation tasks, changes related to risk mitigation & reporting on findings. This role will help the company understand security threats and help create strategies to protect ARAG’s assets and interests for multiple ARAG entities.

This is a strategic and hands-on work role, where you will manage a small team, whilst also supporting the Security & Governance Manager driving the IT Security strategy, leading projects, co-ordinating the team’s work and mentoring, coaching & developing them. There will also be a responsibility to work with others in Digital Services and the wider organisation to ensure appropriate leadership and accountability in the security space. The role-holder will engage with our parent company, ensuring our ISMS aligns with their prescribed standards and frameworks, as well as discussing, analysing, planning and executed any required changes and improvements in our Information Security Systems.

We are keen to hear from candidates that possess a high level of technical, organisational and communication skills to fulfil this role. You will also be accountable for contributing to audit responses, specifically in the InfoSec area, and establishing improvements in the response process and standardisation.

About You

We are keen to hear from candidates with a good understanding of information security frameworks, standards and security best practice (ISO27001, NIST CSF, Cyber Essentials, OWASP). You’ll have demonstrable knowledge and adherence to data protection legislation and regulatory requirements (e.g. GDPR, FCA SYSC, PCI DSS), as well as extensive experience and understanding of security analysis tools, defensive technologies and other security technologies (e.g. SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).

In addition, the ideal candidate will have:

• Solid understanding of security incident management and incident response processes and activities.

• Strong working knowledge of authentication technologies (e.g. two-factor, multifactor).

• Good knowledge of Zero trust principles (e.g. limiting access to confidential information, limiting remote access to applications, differentiating between corporate and personal devices, trusted endpoints).

• Knowledge of endpoint security solutions (e.g. HIDS, anti-malware, file integrity, DLP).

• AWS and cloud platforms (e.g. SaaS, IaaS, PaaS).

• System administration, supporting multiple platforms and applications.

• Skilled in conducting vulnerability scans and identifying vulnerabilities in systems.

• Good awareness of the current Threat Landscape.

• Good understanding of modern malware: execution methods, persistence, detection, delivery mechanisms and entry points.

• Experience delivering presentations and supporting messaging to leadership teams.

• At a minimum, intermediate level of expertise in IT risk management or a related discipline – for example, security, privacy, business continuity management or compliance.

As a team we are passionate and enthusiastic about what we do. Our people are encouraged to think independently and to take ownership of their work. In return for your commitment we will offer you generous remuneration and attractive benefits package which includes:

- 26 days holiday with the option to buy up to a further 5 days

- Company pension scheme with the option to increase contributions

- Group Income Protection for all employees

- Group Legal Protection for all employees

- A choice of either European Motor Assistance or Home Emergency Assistance

- Private Medical Insurance

- Salary sacrifice benefits including Cycle scheme

- A comprehensive wellbeing programme including free eye tests

- Access to our employee discounts hub offering exclusive discounts across thousands of retail partners, including discounted gym memberships at over 3,000 gyms across the UK

- The option to join our Sports and Social club which organises discounted events such as theatre visits, wine tasting and shopping trips

If you think you would be a good match for this role and can demonstrate some transferable experience please apply, regardless of whether you meet all the criteria listed above.

About The Company

ARAG UK has been helping businesses and individuals gain access to justice for over 40 years. It’s our founding principle to enable everybody, not just those who can afford it, to assert their legal rights.

Thousands of businesses and individuals defend or pursue legal action each year safe in the knowledge that ARAG are paying their legal bills. Our businesses include a legal expenses insurance company and a law firm with many opportunities in both areas.

We have always been aware that it’s the people that really make it happen; the quality of our people defines the quality of the company, the service we offer and the good outcomes for our customers, so we’re committed to creating a great place to work for our employees.

We believe it is an exciting time to join ARAG. You can expect an organisation that will challenge and develop you to progress your career.

By giving you every opportunity to develop yourself professionally and personally, we also pride ourselves on having an open, inclusive and high energy culture that encourages a fun working environment and places our customers at the very heart of everything we do.

If you are keen to become part of our exciting future then we would love to hear from you. In addition to the very genuine development opportunities we provide we also offer a generous reward and benefits package.