Lockton is the largest independently owned global insurance broker and has seen sustained growth year on year.
We consider our people to be our most valuable asset and have some great initiatives in place around areas including employee wellbeing, charity and community support and an internal network group for younger associates (Lockton Young Professional Network).
The purpose of this role is to improve Lockton’s ability to protect data and systems; to do so, we need to improve our capability within the cyber security function. In the fast-changing world of cyber threats, Lockton needs to implement processes and frameworks that enable continuous monitoring, assessment and improvement. The role will aim to provide assurance in security operations and engineering as well as staying current with potential threats.
Key accountabilities within the role include:
- Discover (through a mix of research and practical exploration) vulnerabilities in a system.
Key controls assessment and assurance:
- Controls such as anti-malware, encryption and network security devices: ensuring that the controls in place are effective, properly maintained and updated.
Other duties include:
- Perform health checks and see through any reconfiguration changes required.
- Analyse and evaluate security threats and hazards to a system, service or process.
- Be aware of and demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK).
- Combine different sources to create an enriched view.
- Research and investigate some common attack techniques and recommend how to defend against them.
- Be aware of and demonstrate use of relevant external sources of vulnerabilities (e.g. OWASP).
- Third-party risk assessment process – schedule assessments, identify risks and follow up.
- Provide operational support for Vulnerability Management – infrastructure, network, application and web application scanning.
- Scan scope – ensure that the correct scopes are scanned and identify newly discovered devices. Troubleshoot failed scans on assets.
- Support asset owners (e.g. Infrastructure or Development team) on assessment and remediation of vulnerabilities.
- Assign vulnerabilities to owners, track and report on progress.
- Pen Test coordination with vendors and all stakeholders.
- Provide Cyber Incident Response support.
- Assist with maintenance and update of the Playbook; assist with testing, deployment and maintenance of new security solutions, e.g. PAM, NAC and DLP.
- Compile various security reports from different teams in corporate services for management review.
- Identify and maintain asset inventory (information and physical assets).
Desirable skills / Personal qualities:
- Logical and creative thinking skills
- Analytical and problem solving skills
- Ability to work independently and to take responsibility
- Can use own initiative
- A thorough and organised approach
- Ability to work with a range of internal and external people
- Ability to communicate effectively in a variety of situations
- Maintain productive, professional and secure working environment
- Excellent verbal and written communication skills with the ability to effectively articulate complex technical terms to both technical and non-technical audiences
- You should hold either an IT apprenticeship Level 3 qualification, or
- A Levels/BTEC Extended Diploma in ICT
9:30am - 5:30pm, 5 days per week.
- Private Medical Insurance
- Company Pension
- 25 days' annual leave
- Interest free season ticket loan
- 4x Salary Death in Service
- Plus additional flexible benefits and retail discounts
QA’s apprenticeships are funded by the Education & Skills Funding Agency (ESFA), an executive agency of the Department for Education.
To be eligible for a Government funded apprenticeship you must have lived in the UK or European Economic Area (EEA) for the last 3 consecutive years.