IT Security Governance Specialist

at  TOWER Insurance

WHY YOU’LL LOVE WORKING WITH TOWER

At Tower, we put our people first and pride ourselves on creating a diverse and inclusive space that provides opportunities for everyone to thrive. As a uniquely Kiwi and Pacific insurer operating for almost 150 years, with roots all the way back to Dunedin, we embrace and encourage our people to bring their whole selves to work.
We celebrate all ages, genders, sexual orientations, races, religions, and anything else that helps to make our people special. We are proud holders of the Rainbow Tick which is an important symbol for us.

WHAT YOU’LL NEED

We are looking for an individual with the ability to learn and evolve and is ready to be part of a transformative journey for our information security team.

To be successful in this role, you will also be able to demonstrate the following:

• 3-5 years’ experience in information security or IT risk related role.
• Any of the following Certifications CISM; CISSP; CRISC & other security vendor training certifications
• Experience and demonstrable understanding of security risk management and compliance frameworks
• Good understanding of IT security technologies, products, and processes
• Demonstrated understanding of information security concepts and industry standards (e.g., ISO, PCI, NIST)
• Have a technical understanding of operational toolsets including SIEM, Email & Web content-filtering, WAF, Endpoint Detection & Response, Vulnerability Scanning, CASB, Threat Emulation, Penetration Testing and Microsoft 365 stack
• Experience in managing the risks around adopting/consuming IaaS/PaaS/SaaS services

Our commitment is to create an inclusive workplace where our people come first, we feel valued, safe and respected. If you feel comfortable doing so, please let us know early in the process if there are any diversity needs, we can meet or make reasonable adjustments to enable you to shine. If you would like to note which pronouns you use at any point in the application or interview process, please let us know.

WHAT WILL YOU BE DOING?

As the IT Security Governance Specialist, you are considered an information security expert within your group and the wider organisation. You will provide advice to others and contribute to improving the security of systems, providing input to other projects, and assisting other security personnel.
In this busy and varied role, you will identify new cyber, IT, and Information risks, lead the mitigation plan and resolution activities and lead compliance reporting for internal and external audits. Additionally, you will conduct cyber risk assessments on new vendors and services that Tower introduces.

To be successful in this role, you will also be able to demonstrate the following:

• 3-5 years’ experience in information security or IT risk related role.
• Any of the following Certifications CISM; CISSP; CRISC & other security vendor training certifications
• Experience and demonstrable understanding of security risk management and compliance frameworks
• Good understanding of IT security technologies, products, and processes
• Demonstrated understanding of information security concepts and industry standards (e.g., ISO, PCI, NIST)
• Have a technical understanding of operational toolsets including SIEM, Email & Web content-filtering, WAF, Endpoint Detection & Response, Vulnerability Scanning, CASB, Threat Emulation, Penetration Testing and Microsoft 365 stack
• Experience in managing the risks around adopting/consuming IaaS/PaaS/SaaS service