IT Policies | IT Governance | IT Processes | Security Awareness | IT Risk Assessment | Information Security
Ancileo is a fast-growing, successful Insuretech firm, enjoying a large customer portfolio in travel insurance ecommerce. Beginning as a startup, we signed a global technology contract with a leading insurer in 2017. Our customers range from traveltech startups to airlines, online travel agents, financial institutions and leading mobile chat companies. We are currently in a growth and expansion phase, both in terms of new market share and in growing our team across the board.
The Technical Information Security Officer (TISO) will work with the system development areas to ensure technology risks are addressed at each phase of the system development life cycle and provide proactive solutions to correct exposures or mitigate risk. The TISO will also interpret security standards, procedures, and guidelines for multiple platforms and diverse environments in designing solutions and recommend enhancements.
· Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls.
· Ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.
· Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
· Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.
Oversee and Govern:
· Develops and oversees privacy compliance program and privacy program staff, supporting privacy compliance, governance/policy, and incident response needs of privacy and security executives and their teams.
· Develops, plans, coordinates, and evaluates cyber training/education courses, methods, and techniques based on instructional needs.
· Develops and conducts training or education of personnel within cyber domain.
· Responsible for the cybersecurity of the organization.
· Develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
· Conducts evaluations of IT programs or its individual components to determine compliance with published standards.
Protect and Defend:
· Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
· Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
· Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
· Develops cyber indicators to maintain awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes, and disseminates cyber threat/warning assessments.
· Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.
· Analyzes data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.
· Develops assessment plans and measures of performance/effectiveness. Conducts strategic and operational effectiveness assessments as required for cyber events. Determines whether systems performed as expected and provides input to the determination of operational effectiveness.
· Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.
· Conducts detailed investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.
· Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.
· BS/BE degree in Information Security / Computer Science / Electronics and Engineering / Information Technology.
· 5+ years of experience in Information Security area related to one or more of the areas: Security architecture, Security risk assessments, Security event management, ethical hacking, Secure Application Design and Development.
· Possess Security certifications such as CISSP, CSSLP, CCSP, OCSP etc.
· Must have a strong knowledge in Application Security, Cryptography, Key management, API Security, Cloud Security and Mainframe Security.
· Preferably have a good understanding of the insurance sector.
· Must be able to understand detailed technical procedures, functional requirements, Agile/Waterfall SDLC projects and Web Development Architecture, Ethical Hacking Processes.
· Strong risk management and risk articulation skills. Must be able to apply risk management principles and balance IS priority.
· Self-motivated with the ability to work independently and as a team member with minimal direction.
· Excellent written and verbal communication skills with the ability to effectively communicate with all levels.
· Ability to build and maintain positive working relationships across project and control teams.
· Knowledge of AWS; certification is a plus.
OVERVIEW
Ancileo empowers insurance distribution with B2B2C partnerships using 360º technology solutions for insurers, re-insurers and affinity partners. Our platform provides plug and play, secure and customizable technology solutions that enable efficient insurance distribution through digital partnerships.
We are constantly evolving to meet the needs of our clients. But some things will never change: our dedication to results and the will to make the impossible, possible.