Application Security Lead

United Kingdom

Tokio Marine HCC

Job Title: Application Security Lead

Reporting to: BISO

Position Type: Permanent, Mon-Fri, 9-5

Hybrid Working: 3 days a week onsite

 

Why Tokio Marine HCC?

Standing still is not an option in the current world of Insurance. TMHCC are one of the world’s leading Speciality Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, and so is a desire to grow and provide creative and innovative solutions to our clients. We have doubled our gross written premiums in the past 3 years and our plan is to do so again in the next 3 years. To support this desire, we need to be forward-thinking and innovative in every respect. That means continually improving our customer-focused business, it means providing systems, solutions and technology to enable seamless growth and business innovation, and it means having the best people capability to apply to these challenges.

Part of our evolution involves growing our team, and bringing in a range of views, perspectives and backgrounds that will allow us to deliver this forward-looking culture, that relies upon open and trusting relationships, and a shared vision for that continual improvement. We aspire to build an environment where new perspectives are encouraged, where resilience, fresh ideas and different opinions are valued.

About the Opportunity

TMHCC International has recently undergone an exciting IT transformation and is in the process of recruiting and developing a broad range of suitably qualified, skilled and experienced people. Reporting into the Business Information Security Officer (BISO) for TMHCC International, the Application Security Lead is part of a new BISO function established within the CIO organisation of the International division at TMHCC. You'll join the IT team as someone who is passionate about Application Security and Application Vulnerability Management.

Under the guidance of the BISO, you will work closely with TMHCC International IT teams and Enterprise Security to establish an application security capability for TMHCC International. The established function will have oversight of the application security posture and work with application owners to ensure that security controls and technologies are deployed across the application estate.

You will be experienced in cyber vulnerability detection, remediation and reporting processes. You will be responsible for triaging and prioritising detected application vulnerabilities as well as coordinating and driving remediation activity to reduce our cyber risk profile.

Key to your role will be maturing MI reporting for onward communication to the board and executive.

Core Responsibilities

  • Ensure in-depth knowledge and understanding of application threat and vulnerability management practices as you prioritise and coordinate remediation of vulnerabilities across our estate.
  • Establish and maintain strong relationships with stakeholders in the International IT teams as well as Enterprise Security.
  • Track application security tool coverage, risk and performance metrics against established thresholds.
  • Collaborate with Enterprise Security and development teams to ensure the deployment of application scanning technologies and reporting.
  • Collaborate with Enterprise Security teams, as you monitor and understand impacting risks of existing and emerging application vulnerabilities.
  • Coordinate with the IT stakeholders and Enterprise Security to ensure all application vulnerability scanning solutions are deployed and operating across the IT organisation.
  • Ensure exceptions to application security policies are managed in accordance with Enterprise security policy exception processes.
  • Critically evaluate information gathered from multiple sources, reconcile conflicts, abstract up from low-level information to create a clear understanding of cyber risks.
  • Support the BISO in providing metrics and SME insights into the Divisional IT Risk Reporting and Dashboards.
  • Escalate significant cyber risks and issues as they emerge, to the BISO and IT Leadership for action or information.

 

Skills and Requirements:

Essential:

  • 5-10 years of experience in a technical cyber role (e.g. application security analyst, threat and vulnerability analyst, application security engineer, penetration tester).
  • Experience working in a developer role with proficiency in scripting languages and experience working with the Azure DevOps stack.
  • Application security testing (DAST, penetration testing) practices and tooling, including experience in driving remediation of identified vulnerabilities.
  • Extensive experience of implementing SAST scanning tools in CI/CD pipelines and driving resolution of identified vulnerabilities.
  • Understanding of OWASP framework and secure coding practices and experience promoting them within development teams.
  • Practical experience in triage and remediation of vulnerabilities across including collaboration with application teams to remediate application layer vulnerabilities.
  • Deep understanding of and ability to articulate the risk associated with application security vulnerabilities.
  • Ability to coordinate and chair regular meetings and workshops with multiple stakeholders to provide guidance, collaboration, and oversight of vulnerability remediation initiatives.
  • Excellent verbal, written communication, and presentation skills, being able to explain complex items in a simple yet articulate manner.
  • Confidence in presenting information and acting as a source of SME knowledge and guidance.
  • Analytical, conceptual thinking, planning and execution skills.
  • Ability to drive improvements and take charge of initiatives, backed with excellent coordination strength as well as assertiveness.
  • Result orientated and able to manage to measurable targets and desired outcomes.
  • A passion to champion a cyber security culture and continuous learning of latest cyber threat trends.

Desirable:

  • Experience of the Specialty and Lloyd’s/Companies market insurance industry
  • Relevant industry qualifications preferable (e.g. CISSP, CSSLP)
  • Relevant degree or similar qualification (e.g., BSc Computer Science or other related fields of study)

 

 

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals. The Tokio Marine HCC Group of companies is an equal opportunity employer. Please visit www.tmhcc.com for more information about our companies.

Tags: Application security Azure CI/CD CISSP Computer Science DAST DevOps OWASP Pentesting SAST Scripting Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay

Region: Europe
Country: United Kingdom